Re: GPO only applied if user account within OU container

From: Ertug Gurhan (egurhan_at_hotmail.com)
Date: 12/12/04

Next message: Bruce Sanderson: "Re: Any way to kill "Automatically search for network folders and printers"?"
Previous message: andy: "Re: How to prevent RIP service from starting?"
In reply to: Jago: "GPO only applied if user account within OU container"
Next in thread: Jago: "Re: GPO only applied if user account within OU container"
Reply: Jago: "Re: GPO only applied if user account within OU container"
Messages sorted by: [ date ] [ thread ]

Date: Sun, 12 Dec 2004 15:02:54 -0500

Enable the use of the loop back policy, and apply the gpo to your TS
servers, when a user logs into the TS boxes, they will get the settings by
virtue of having the Loopback enabled.

"Jago" <Jago@discussions.microsoft.com> wrote in message
news:A31E19D3-46BE-4DEF-9942-6A7F793DAC31@microsoft.com...
> Hi,
>
> I have a W2K AD infrastructure and I have a problem with the application
of
> a GPO which is filtered by security group.
>
> I have setup as follows:
>
> 1. created a OU called 'terminal server'
> 2. moved my TS server to this OU
> 3. created security group called 'TS Standard' (with member user
=tsstandard)
> 4. created a GPO named 'standard' in the terminal server OU
> 5. restricted/filtered security on the GPO by removing authenticated users
> and adding the security group TS Standard - set read permissions and apply
>
>
> When I logon the my TS machine using the tsstandard user, the standard GPO
> is not applied
>
> If I move the user account into the TS Standard OU, the GPO is applied
>
> My understanding is that the GPO should be appied without having to move
the
> user account into the OU. Correct?
>
> If this is not the case, please explain?
>
> If my understanding is correct, can someone help me as I have run out of
> ideas?
>
> I have used gpresult, GPMC and diagnostic logging. The GPO is just not
> applied.
>
> Thanks,
>
> Jago
>

Next message: Bruce Sanderson: "Re: Any way to kill "Automatically search for network folders and printers"?"
Previous message: andy: "Re: How to prevent RIP service from starting?"
In reply to: Jago: "GPO only applied if user account within OU container"
Next in thread: Jago: "Re: GPO only applied if user account within OU container"
Reply: Jago: "Re: GPO only applied if user account within OU container"
Messages sorted by: [ date ] [ thread ]

Relevant Pages

Re: GP/OU Problem/Question
... DC and a separate Windows 2003 member server as the TS. ... Create OU & GPO for the TS: ... Make the Security group member of RDU. ... should be for TS servers only, ...
(microsoft.public.windows.terminal_services)
Re: GP/OU Problem/Question
... Create OU & GPO for the TS: ... Right click 'Terminal Servers' OU, ... Ensure that TestUser1 is a member of Domain Users & Remote Desktop ... Make the Security group member of RDU. ...
(microsoft.public.windows.terminal_services)
Re: GP/OU Problem/Question
... Server as a DC and a separate Windows 2003 member server as ... Create OU & GPO for the TS: ... Right click 'Terminal Servers' OU, ... If creating a separate Security Group for 'TS Users', ...
(microsoft.public.windows.terminal_services)
Re: GP/OU Problem/Question
... Server as a DC and a separate Windows 2003 member server as ... Create OU & GPO for the TS: ... Right click 'Terminal Servers' OU, ... Create Security Group for TS Users & TS desktop ...
(microsoft.public.windows.terminal_services)
Re: Windows 2008 Network Level Authentication
... temporarily block inheritance on all domain-wide GPOs on the OU ... Terminals Servers, properly licensed and set up in a round-robin ... Using either the local GPO and Disabling the Network Level ... Authentication turned completely off, and remain so. ...
(microsoft.public.windows.terminal_services)