GP and Loopback problem

[Guest]

Archived from groups: microsoft.public.windows.group_policy,microsoft.public.win2000.group_policy (More info?)

Hi All,

I have a win2k AD domain and I'm trying to get loopback to work
correctly with my terminal servers. My (roaming profile) users access
programs both ontheir computers, the network and across TS. I have 2
TS computers in their own OU, TSOU, and all the users in the USERS OU.
I created a GP in the TSOU, set all parameters in the GP, and enabled
loopback with REPLACE. There are no other GP's in AD, except for any
default GP's, which have nothing set in them. Nothing has been
modified on the TS computers also with regard to policies.

When my users access TS using Remote Desktop Connection, the Gp
applies correctly within the Remote Dwesktop window, , but I've
noticed that some users have the TSOU applied to them even though they
are not logged into TS, for example when they first log on in the
morning. This prevents them from accessing the network, c: prompt
home folders, control panel, etc.

I've tried rebooting all servers, workstations, using gpupdate, using
secedit, without success. All users use the same logon for the
network and onto TS.

Before I created the TSOU GP, a modified GP was applied to the TSUSERS
OU, and users logged onto TS with a different username. Everyone had
two different usernames. I want to avoid this.

The problem does not affect everyone, and it also appeared once (1
time in 5) when I created 5 new usernames and profiles.

Any ideas?

 

[Guest]

Archived from groups: microsoft.public.windows.group_policy,microsoft.public.win2000.group_policy (More info?)

Do you have roaming profiles?
One thought: RUP user logs onto the TS and now gets the TSpolicies applied
to their profile. When they logoff and logon elsewhere, they still have
these policies applied.

One soln: Turn off rup on the TS machine such that users profiles do not get
uploaded when they logoff (or they dont get downloaded or uploaded).
There are policies that control this, and they should all work on Win2003
server. These policies do not exist (I believe) on Win2k. XP also has some
control also.
HTH
-sucotto

"Emin Parsu" <ep@hja.org> wrote in message
news:5p8s81heuug3tatlhjqlfj19t8jv8jaka5@4ax.com...
> Hi All,
>
> I have a win2k AD domain and I'm trying to get loopback to work
> correctly with my terminal servers. My (roaming profile) users access
> programs both ontheir computers, the network and across TS. I have 2
> TS computers in their own OU, TSOU, and all the users in the USERS OU.
> I created a GP in the TSOU, set all parameters in the GP, and enabled
> loopback with REPLACE. There are no other GP's in AD, except for any
> default GP's, which have nothing set in them. Nothing has been
> modified on the TS computers also with regard to policies.
>
> When my users access TS using Remote Desktop Connection, the Gp
> applies correctly within the Remote Dwesktop window, , but I've
> noticed that some users have the TSOU applied to them even though they
> are not logged into TS, for example when they first log on in the
> morning. This prevents them from accessing the network, c: prompt
> home folders, control panel, etc.
>
> I've tried rebooting all servers, workstations, using gpupdate, using
> secedit, without success. All users use the same logon for the
> network and onto TS.
>
> Before I created the TSOU GP, a modified GP was applied to the TSUSERS
> OU, and users logged onto TS with a different username. Everyone had
> two different usernames. I want to avoid this.
>
> The problem does not affect everyone, and it also appeared once (1
> time in 5) when I created 5 new usernames and profiles.
>
> Any ideas?