Re: GPO only applied if user account within OU container
From: Jago (Jago_at_discussions.microsoft.com)
Date: 12/13/04
- Next message: Frank Martens: "SBS 2003 and Group Policies"
- Previous message: AdL: "Re: SOE Lockdown - Read only USB"
- In reply to: AdL: "Re: GPO only applied if user account within OU container"
- Messages sorted by: [ date ] [ thread ]
Date: Mon, 13 Dec 2004 06:09:03 -0800
Arjan,
Thanks for getting involved in this discussion.
I have been advised that I should not need to set up a local machine policy
on the TS server as the GPO should be applied to a group of users without
moving the user accounts into the OU.
This is what is really throwing me. Can someone confirm whether they can
successfully apply a GPO to a group without:
1. a local machine policy
2. moving the user account/group into the OU containing the GPO
Thanks,
Jago
"AdL" wrote:
> Jago,
>
> It looks like you have set User Configuration settings in the GPO. As there
> are no users in the OU for the Terminal Server, these settings are not
> applied. This also explains why they ARE applied if you move the test user
> account into this OU.
>
> Next to the loopback option, you could also create a local policy on the
> Terminal Server, which has all the settings you need. This way, every user
> that logs on to this server will get the local policy applied. Please note
> that this will also include the domain and local administrator(s)!
>
> To prevent this policy from applying to administrators, you can set a Deny
> for the Administrators group on the %windir%\system32\GroupPolicy folder.
> This is not the best way, but it works well if you configure it with care.
>
> Regards, Arjan.
>
> "Jago" <Jago@discussions.microsoft.com> wrote in message
> news:A31E19D3-46BE-4DEF-9942-6A7F793DAC31@microsoft.com...
> > Hi,
> >
> > I have a W2K AD infrastructure and I have a problem with the application
> > of a GPO which is filtered by security group.
> >
> > I have set up as follows:
> >
> > 1. created an OU called 'terminal server'
> > 2. moved my TS server to this OU
> > 3. created security group called 'TS Standard' (with member user
> > =tsstandard)
> > 4. created a GPO named 'standard' in the terminal server OU
> > 5. restricted/filtered security on the GPO by removing authenticated users
> > and adding the security group TS Standard - set read permissions and apply
> >
> >
> > When I log on to my TS machine using the tsstandard user, the standard GPO
> > is not applied
> >
> > If I move the user account into the TS Standard OU, the GPO is applied
> >
> > My understanding is that the GPO should be applied without having to move
> > the user account into the OU. Correct?
> >
> > If this is not the case, please explain?
> >
> > If my understanding is correct, can someone help me as I have run out of
> > ideas?
> >
> > I have used gpresult, GPMC and diagnostic logging. The GPO is just not
> > applied.
> >
> > Thanks,
> >
> > Jago
> >
>
>
>
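The scoping behaviour discussed in this thread, as an added example that is not part of the original messages: a simplified Python model of how the User Configuration part of a GPO is selected at logon, with and without the loopback option AdL mentions. The OU paths (`domain/staff`, `domain/terminal server`) and the function names are assumptions made for the illustration, and the model ignores sites, link order, blocking and enforcement.

```python
from dataclasses import dataclass

@dataclass
class GPO:
    name: str
    linked_ou: str      # OU the GPO is linked to
    apply_groups: set   # groups granted Read + Apply Group Policy

def ancestors(ou_path):
    """'domain/terminal server' -> ['domain', 'domain/terminal server']"""
    parts = ou_path.split("/")
    return ["/".join(parts[:i + 1]) for i in range(len(parts))]

def user_gpos(gpos, user_ou, user_groups, computer_ou, loopback=None):
    """Names of GPOs whose User Configuration applies at logon.
    loopback is None, 'merge' or 'replace' (a computer-side setting)."""
    def in_scope(ou):
        # A GPO is in scope if it is linked on the object's OU path and the
        # security filter grants the *user* Read + Apply Group Policy.
        return [g.name for g in gpos
                if g.linked_ou in ancestors(ou) and g.apply_groups & user_groups]
    from_user = in_scope(user_ou)          # normal processing: user's location
    if loopback is None:
        return from_user
    from_computer = in_scope(computer_ou)  # loopback: computer's location
    if loopback == "replace":
        return from_computer
    return from_user + [n for n in from_computer if n not in from_user]

def thread_scenario():
    # Constructed data mirroring the setup described in the thread.
    ts_ou = "domain/terminal server"
    gpos = [GPO("standard", ts_ou, {"TS Standard"})]
    member = {"TS Standard"}
    return {
        "user outside OU": user_gpos(gpos, "domain/staff", member, ts_ou),
        "user moved into OU": user_gpos(gpos, ts_ou, member, ts_ou),
        "loopback replace": user_gpos(gpos, "domain/staff", member, ts_ou, "replace"),
        "loopback, admin not in group":
            user_gpos(gpos, "domain/staff", {"Administrators"}, ts_ou, "replace"),
    }

if __name__ == "__main__":
    for case, applied in thread_scenario().items():
        print(f"{case}: {applied}")
```

In this model the security filter only narrows the set of GPOs already in scope by OU location, which is why group membership alone does not bring the GPO to a user outside the OU.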