Re: GPO only applied if user account within OU container
From: AdL (antispam_at_dela-d.nl)
Date: 12/13/04
- Next message: AdL: "Re: SOE Lockdown - Read only USB"
- Previous message: Ferry: "Proxy settings not applied via GPO"
- In reply to: Jago: "GPO only applied if user account within OU container"
- Next in thread: Jago: "Re: GPO only applied if user account within OU container"
- Reply: Jago: "Re: GPO only applied if user account within OU container"
- Messages sorted by: [ date ] [ thread ]
Date: Mon, 13 Dec 2004 14:50:11 +0100
Jago,
It looks like you have set User Configuration settings in the GPO. As there
are no users in the OU for the Terminal Server, these settings are not
applied. This also explains why they ARE applied if you move the test user
account into this OU.
Next to the loopback option, you could also create a local policy on the
Terminal Server, which has all the settings you need. This way, every user
that logs on to this server will get the local policy applied. Please note
that this will also include the domain and local administrator(s)!
To prevent this policy from applying to administrators, you can set a Deny
for the Administrators group on the %windir%\system32\GroupPolicy folder.
This is not the best way, but it works well if you configure it with care.
Regards, Arjan.
"Jago" <Jago@discussions.microsoft.com> wrote in message
news:A31E19D3-46BE-4DEF-9942-6A7F793DAC31@microsoft.com...
> Hi,
>
> I have a W2K AD infrastructure and I have a problem with the application
> of
> a GPO which is filtered by security group.
>
> I have setup as follows:
>
> 1. created a OU called 'terminal server'
> 2. moved my TS server to this OU
> 3. created security group called 'TS Standard' (with member user
> =tsstandard)
> 4. created a GPO named 'standard' in the terminal server OU
> 5. restricted/filtered security on the GPO by removing authenticated users
> and adding the security group TS Standard - set read permissions and apply
>
>
> When I logon the my TS machine using the tsstandard user, the standard GPO
> is not applied
>
> If I move the user account into the TS Standard OU, the GPO is applied
>
> My understanding is that the GPO should be appied without having to move
> the
> user account into the OU. Correct?
>
> If this is not the case, please explain?
>
> If my understanding is correct, can someone help me as I have run out of
> ideas?
>
> I have used gpresult, GPMC and diagnostic logging. The GPO is just not
> applied.
>
> Thanks,
>
> Jago
>
- Next message: AdL: "Re: SOE Lockdown - Read only USB"
- Previous message: Ferry: "Proxy settings not applied via GPO"
- In reply to: Jago: "GPO only applied if user account within OU container"
- Next in thread: Jago: "Re: GPO only applied if user account within OU container"
- Reply: Jago: "Re: GPO only applied if user account within OU container"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
