Re: GP loopback processing on Windows 2003 terminal service, strange problem!

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 12/17/04


Date: Fri, 17 Dec 2004 01:15:32 -0600

You should not have to go through all that to get the policy to work
consistently. Once it applies to a user, it should stay that way unless it
is changed or another policy is overriding it, assuming the domain is
configured correctly. Look in Event Viewer on the servers to see if any
pertinent errors are reported and make sure that the Windows 2003 built-in
firewalls are disabled. Make sure that the user you are trying out, who is
having inconsistent policy applied, is not a member of the administrators
group.

Loopback processing can be configured to be either merge or replace mode,
so I would make sure it is in replace mode. The other thing to check is that
DNS is configured correctly in the domain. Since you have one domain
controller, make sure it is pointing to only itself as its preferred DNS
server, as shown via Ipconfig /all, and of course it should have a static
IP. Check that your other W2003 Server points ONLY to the domain controller
as its preferred DNS server and NEVER have an ISP DNS server listed in the
preferred DNS server list of any domain computer or all kinds of problems
can occur. You might also want to test your DC with the support tools
netdiag and dcdiag and the W2003 Server TS with netdiag, looking for any
pertinent errors.

--- Steve

"Johan H" <write2johan@hotmail.com> wrote in message
news:OEMu2LA5EHA.2592@TK2MSFTNGP09.phx.gbl...
> Got one Windows 2003 Server as a DC and one Windows 2003 Server as a
> Terminal Service (program server).
> Created an OU and placed the TS machine in it. This OU has its own GP
> that locks down this machine (users are only allowed to start one
> program). The GP has the "Loopback Processing" activated to override
> any other GPs when logging on to the TS server.
> When logging on as an administrator, the GP won't load until I do a
> manual "gpupdate" in the CMD window.
> Same thing if logging on as a user, the GP won't load. Running
> "gpupdate" doesn't have any effect. When running "gpresult", only the
> "User GP" shows. Is this some kind of security problem? E.g. the user
> is not local administrator on this TS server?
> After I log on as administrator and run the gpupdate, the policy
> seems to load. Next time I log on as an administrator the policy is
> loaded.
> After this, logging on as the user, everything is OK!
> But... I don't want the administrator to be prohibited from using the
> admin functions through TS.
> I added the "Administrators" group to the GP's security tab and set
> the security to "Deny Apply Group Policy".
> Fine so far, now logging on as an administrator the lockdown GP won't
> load.
> BUT!
> After a while, the USERS also lose the lockdown GP. Not on the
> first login (after the "Deny" security was added for admins), not on
> the second... But suddenly the GP is not loaded anymore!
> To get it back, I'll have to remove the admin "Deny Apply GP", log on
> as an admin, run the "gpupdate" and THEN the lockdown GP is again
> loaded when users log on.
> Why is this?
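
The DNS and loopback-mode checks suggested in the reply above, as an added PowerShell example that is not part of the original thread. The function names, the sample `ipconfig /all` text and all addresses (192.168.10.10 standing in for the domain controller) are constructed for illustration; the loopback mode is read from the policy value UserPolicyMode under HKLM\Software\Policies\Microsoft\Windows\System (1 = merge, 2 = replace).

```powershell
# Constructed sample of `ipconfig /all` output saved from the terminal server.
$sample = @'
Windows IP Configuration

   Host Name . . . . . . . . . . . . : TS01
   Primary Dns Suffix  . . . . . . . : example.local

Ethernet adapter Local Area Connection:

   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.10.20
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.10.1
   DNS Servers . . . . . . . . . . . : 192.168.10.10
                                       203.0.113.53
'@

# Return every DNS server (IPv4) listed for an adapter that is not in $AllowedDns.
function Get-UnexpectedDnsServer {
    param([string]$IpconfigText, [string[]]$AllowedDns)
    $adapter = $null; $inDns = $false
    foreach ($line in ($IpconfigText -split "`r?`n")) {
        if ($line -match '^(\S.*adapter .+):\s*$') {
            $adapter = $Matches[1]; $inDns = $false; continue
        }
        if ($line -match '^\s+DNS Servers[ .]*:\s*(\S+)\s*$') {
            $inDns = $true; $ip = $Matches[1]          # first server on the label line
        } elseif ($inDns -and $line -match '^\s+(\d{1,3}(\.\d{1,3}){3})\s*$') {
            $ip = $Matches[1]                          # continuation line: further servers
        } else {
            $inDns = $false; continue                  # any other line ends the DNS list
        }
        if ($AllowedDns -notcontains $ip) {
            New-Object PSObject -Property @{ Adapter = $adapter; DnsServer = $ip }
        }
    }
}

# Report the loopback mode the machine policy has written to the registry.
# Run this on the terminal server itself; elsewhere it reports 'Not configured'.
function Get-LoopbackMode {
    $key  = 'HKLM:\Software\Policies\Microsoft\Windows\System'
    $mode = (Get-ItemProperty -Path $key -Name UserPolicyMode -ErrorAction SilentlyContinue).UserPolicyMode
    if ($mode -eq 2) { 'Replace' } elseif ($mode -eq 1) { 'Merge' } else { 'Not configured' }
}

Get-UnexpectedDnsServer -IpconfigText $sample -AllowedDns '192.168.10.10' | Select-Object Adapter, DnsServer
"Loopback mode: $(Get-LoopbackMode)"
```

To check a live server, pass `(ipconfig /all | Out-String)` as `-IpconfigText` instead of the sample.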


