Re: Terminal Server GPO Issue
- From: Jon - Server Admin <JonServerAdmin@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 1 Sep 2006 13:04:02 -0700
The name of the OU where the GPOs should be applied is: Citrix PS
The name of the OU where the GPOs should not be applied is: Citrix XP
They both sit at the same level under an OU called Servers.
"Jon - Server Admin" wrote:
The following is the output of gpresult /v after I logged onto one of the.
servers that is not in the OU where the GPO is supposed to be applied and I
have a redirected desktop (I will provide answers to your other 2 questions
in a separate post to follow):
U:\Documents and Settings\jluchette>gpresult /v
Microsoft (R) Windows (R) Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001
Created On 9/1/2006 at 3:51:55 PM
RSOP data for EMERSON\jluchette on GECTS4 : Logging Mode
---------------------------------------------------------
OS Type: Microsoft(R) Windows(R) Server 2003, Standard
Editi
on
OS Configuration: Member Server
OS Version: 5.2.3790
Terminal Server Mode: Application Server
Site Name: Default-First-Site-Name
Roaming Profile: \\fp3\profiles$\JLuchette
Local Profile: U:\Documents and Settings\jluchette
Connected over a slow link?: No
COMPUTER SETTINGS
------------------
CN=GECTS4,OU=Citrix XP,OU=Servers,DC=emersonhosp,DC=org
Last time Group Policy was applied: 9/1/2006 at 3:50:01 PM
Group Policy was applied from: ads02.emersonhosp.org
Group Policy slow link threshold: 500 kbps
Domain Name: EMERSON
Domain Type: Windows 2000
Applied Group Policy Objects
-----------------------------
SMS Exception
Local Group Policy
The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
Default Domain Policy
Filtering: Not Applied (Unknown Reason)
Sharepoint Auth GPO
Filtering: Not Applied (Unknown Reason)
The computer is a part of the following security groups
-------------------------------------------------------
BUILTIN\Administrators
Everyone
BUILTIN\Users
NT AUTHORITY\NETWORK
NT AUTHORITY\Authenticated Users
This Organization
GECTS4$
Domain Computers
Resultant Set Of Policies for Computer
---------------------------------------
Software Installations
----------------------
N/A
Startup Scripts
---------------
N/A
Shutdown Scripts
----------------
N/A
Account Policies
----------------
N/A
Audit Policy
------------
N/A
User Rights
-----------
N/A
Security Options
----------------
N/A
N/A
Event Log Settings
------------------
N/A
Restricted Groups
-----------------
N/A
System Services
---------------
N/A
Registry Settings
-----------------
N/A
File System Settings
--------------------
N/A
Public Key Policies
-------------------
N/A
Administrative Templates
------------------------
GPO: SMS Exception
KeyName:
Software\Policies\Microsoft\Windows\System\UserPoli
cyMode
Value: 2, 0, 0, 0
State: Enabled
GPO: Local Group Policy
KeyName:
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\
Explorer\NoActiveDesktop
Value: 1, 0, 0, 0
State: Enabled
USER SETTINGS
--------------
CN=Luchette\, Jon,OU=Admin Accounts,DC=emersonhosp,DC=org
Last time Group Policy was applied: 9/1/2006 at 3:48:55 PM
Group Policy was applied from: ads02.emersonhosp.org
Group Policy slow link threshold: 500 kbps
Domain Name: EMERSON
Domain Type: Windows 2000
Applied Group Policy Objects
-----------------------------
N/A
The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
Local Group Policy
Filtering: Not Applied (Empty)
SMS Exception
Filtering: Not Applied (Empty)
The user is a part of the following security groups
---------------------------------------------------
Domain Users
Everyone
Remote Desktop Users
BUILTIN\Users
BUILTIN\Administrators
REMOTE INTERACTIVE LOGON
NT AUTHORITY\INTERACTIVE
NT AUTHORITY\Authenticated Users
This Organization
LOCAL
CTX Summitt Dashboad
Sharepoint_Users
Citrix_Std_Apps
CTX Meditech NUI only
MIG Admin Group
2k3TSLogon
CTX_GE_PMIS
CTX_OBTVRemote
Citrix_Support
Roaming Users
HospitalistZ
Remote_IS
Emerson Email
IS
Domain Admins
Capital
Support
VMAX Users
Mail Admins
Operations Admins
IS-1
ISEnterpriseDL
Schema Admins
Enterprise Admins
Test_Jon
DnsAdmins
IS Citrix Policy
IS Server Support
DHCP Administrators
Office Citrix Policy
The user has the following security privileges
----------------------------------------------
Bypass traverse checking
Manage auditing and security log
Back up files and directories
Restore files and directories
Change the system time
Shut down the system
Force shutdown from a remote system
Take ownership of files or other objects
Debug programs
Modify firmware environment values
Profile system performance
Profile single process
Increase scheduling priority
Load and unload device drivers
Create a pagefile
Adjust memory quotas for a process
Remove computer from docking station
Perform volume maintenance tasks
Impersonate a client after authentication
Create global objects
Resultant Set Of Policies for User
-----------------------------------
Software Installations
----------------------
N/A
Logon Scripts
-------------
N/A
Logoff Scripts
--------------
N/A
Public Key Policies
-------------------
N/A
Administrative Templates
------------------------
N/A
Folder Redirection
------------------
N/A
Internet Explorer Browser User Interface
----------------------------------------
N/A
Internet Explorer Connection
----------------------------
N/A
Internet Explorer URLs
----------------------
N/A
Internet Explorer Security
--------------------------
N/A
Internet Explorer Programs
--------------------------
N/A
U:\Documents and Settings\jluchette>
"strongline" wrote:
can u post the output of "gpresult /v" while reproducing the issue? I
would also like to see the name of the GPO in question, the DN of the
containing OU of the server that is NOT supposed to get the GP, etc.
Jon - Server Admin wrote:
we are already using loopback policy processing on these GPO's. and no, the
user accounts are not in the same OU as the servers mentioned.
"strongline" wrote:
Are affected users in the same OU that contains those 6 TS?
Keep in mind that User Configurations will be applied to user accounts
only, while Computer Configurations will be applied to only computer
objects.
All your desired settings are User-specific settings - meaning they
were applied through uers objects only. It should not take effect if
you linked it to an OU that contains only TS servers.
If you want to apply user-specific settings onto certain computers, you
will have to enable lookback. Just google "group policy loopback", you
- Follow-Ups:
- Re: Terminal Server GPO Issue
- From: strongline
- Re: Terminal Server GPO Issue
- From: strongline
- Re: Terminal Server GPO Issue
- References:
- Re: Terminal Server GPO Issue
- From: strongline
- Re: Terminal Server GPO Issue
- From: strongline
- Re: Terminal Server GPO Issue
- From: Jon - Server Admin
- Re: Terminal Server GPO Issue
- Prev by Date: Re: Terminal Server GPO Issue
- Next by Date: Re: Bind Redirection in ADAM
- Previous by thread: Re: Terminal Server GPO Issue
- Next by thread: Re: Terminal Server GPO Issue
- Index(es):
Relevant Pages
|
