GPO on Terminal Server

Guest
Archived from groups: microsoft.public.win2000.group_policy (More info?)

Hi,

I have applied a GP on a new OU and placed a terminal server object in the
OU. The domain is a Windows 2000 domain and the terminal server is a member
server running 2003.

The goal is to only affect users who are signing onto the terminal server.
The GP is using Loopback processing in replace mode. Authenticated users
have been given read and apply group policy access. Administrators have been
denied apply group policy access.

The problem I am having is the GP is not applied when a user signs onto the
terminal server. I verified this by running gpresults. I also noticed that
if I place a user object in the same OU the policy does apply.

What can I do to correct the problem that I am having? Any info would be
greatly appreciated.

Thanks,

Tim Heilman
 
Guest

The technique you describe seems normal - I usually use "Merge" instead of
"Replace", and put User settings into a separate GPO, but I don't think that
should not make a difference.

I notice that the "default" permissions for Authenticated Users on my GPOs
is:
Read
Apply Group Policy
Special

The Advanced Security Settings says that the "Special" permissions are:

List Contents
Read All Properties
Read Permissions

Also, SYSTEM has:
Read
Write
Create All Child Objects
Delete All Child Objects
Special

The "Special" permissions appear to be all permissions except:
Full Control
All Extended Rights
Apply Group Policy

At the risk of sounding insulting, have you verified that the Loopback
setting has been applied to the server in question (e.g. restarted it, or
used gpupdate and used the GPMC RSOP Wizard)?

--
Bruce Sanderson MVP

It's perfectly useless to know the right answer to the wrong question.


"Tim Heilman" <TimHeilman@discussions.microsoft.com> wrote in message
news:A13169C3-7DB0-4954-A0AB-FCE6C14304DD@microsoft.com...
> Hi,
>
> I have applied a GP on a new OU and placed a terminal server object in the
> OU. The domain is a Windows 2000 domain and the terminal server is a
> member server running 2003.
>
> The goal is to only affect users who are signing onto the terminal server.
> The GP is using Loopback processing in replace mode. Authenticated users
> have been given read and apply group policy access. Administrators have
> been denied apply group policy access.
>
> The problem I am having is the GP is not applied when a user signs onto
> the terminal server. I verified this by running gpresults. I also noticed
> that if I place a user object in the same OU the policy does apply.
>
> What can I do to correct the problem that I am having? Any info would be
> greatly appreciated.
>
> Thanks,
>
> Tim Heilman
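One way to run the check suggested in the reply above (has the loopback setting actually reached the server?), as an added example that is not part of the original thread. It assumes PowerShell is installed on the terminal server, which is not the default on Windows Server 2003; the function name `Get-LoopbackMode` is made up for illustration.

```powershell
# Added example: confirm that loopback processing has been applied to this server.
# Run locally on the terminal server from an administrative session.

function Get-LoopbackMode {
    param(
        # Registry key where the computer stores the "User Group Policy loopback
        # processing mode" setting once it has processed the GPO.
        [string]$Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System'
    )
    $item  = Get-ItemProperty -Path $Path -Name UserPolicyMode -ErrorAction SilentlyContinue
    $value = $item.UserPolicyMode

    # A missing value means the computer side of the GPO has not been applied.
    if ($null -eq $value) { return 'NotConfigured' }

    switch ($value) {
        1       { 'Merge' }
        2       { 'Replace' }
        default { "Unknown ($value)" }
    }
}

$mode = Get-LoopbackMode
'Loopback mode on {0}: {1}' -f $env:COMPUTERNAME, $mode

if ($mode -eq 'NotConfigured') {
    # Refresh computer policy, then look again. If the value is still missing,
    # the GPO is not reaching the computer account (link, OU placement or
    # security filtering on the computer object).
    gpupdate /target:computer /force
    'Loopback mode after refresh: {0}' -f (Get-LoopbackMode)
}

# List the GPOs the computer applied and the ones that were filtered out,
# together with the reason each one was filtered.
gpresult /scope computer /v
```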