Re: loopback processing

I am always using it, but cannot determine the reason:
the computer configuration is incorectly applied to administrator and is
listed under applied GPO even for a member of domain admins, this group has
denied in the apply policy permission

terminal_clients mydomain.local/Terminal servers
AD (46), Sysvol (46)


The user configuration is correctly denied for the administrator

terminal_clients mydomain.local
Access Denied (Security Filtering)


It is certainly my mistake in some step of the configuration but I cannot
find it.

Thanks for help.

"maverick" <maverick@xxxxxxxxxxxxxxxxxxxxxxxxx> pí¹e v diskusním pøíspìvku
news:D71AFF6D-5B9D-49E1-AC0C-EF45DD15EAC6@xxxxxxxxxxxxxxxx
Bobby, try a GP result using GPMC which will give you a better Idea as to
which poicly is winning and why?
Hope this Policy is not a Local Policy on the machine ?


"Bobby Gontarski" wrote:

This follows the conversation GP to computer in the middle of April in
this
conference.

I have been trying all the stuff you adviced:

Loopback should work for you, just apply the gpo settings on the ou
where
the TS resides and set the loopback option.

LoopBack
http://support.microsoft.com/?kbid=231287

Example of use
http://www.msterminalservices.org/articles/Managing-Terminal-Services-Group-Policy.html

It works except that the policy on the terminal server is applied to the
admins as well which is quite undesirable, I found a lot of info but the
general advice to deny the policy for the admin does not work, the user
settings in the loopback policy I created is not applied for the admin
but
the computer settings is applied.

The settings of the loopback policy is in general according to
http://www.msterminalservices.org/articles/Managing-Terminal-Services-Group-Policy.html

The permissions:
Authenticated users: read, apply
Creator owner: special permissions
Domain admins: read, write, create, delete, apply DENY
enterprise admins: read, write, create, delete
enterprise domain controllers: read
Terminal server computer: read, apply
system: read, write, create, delete

I must be missing some information. Any ideas?
Many thanks






.

Relevant Pages

  • Re: Administrator is not the "Boss" on this machine.
    ... policy, I'd see two columns, one for "setting" ... > you can not run that command you may not be logged on as an administrator. ... > If you messed with Group Policy settings for user configuration the solution above ...
    (microsoft.public.win2000.security)
  • Re: administrator locked out of SBS 2003
    ... enterprise admins ... group policy creator owners ... Other than lacking exchange administrator this is pretty much normal. ... Even the VMware KB's as I've all ready discovered the server V2.0 ...
    (microsoft.public.windows.server.sbs)
  • Re: Password reset not working
    ... At the moment your Administrator account is not being affected by the ... Default Domain Policy (you can see this by drilling down to User ... Configuration Summary -> Group Policy Objects -> Denied GPOs for the ... Since you won't put the Administrator account in that OU there is no way ...
    (microsoft.public.windows.group_policy)
  • Re: Interactive Logon problem on Server
    ... If you checked Gp Policy and you are correct that you have ... have member groups that aren't supposed to be there. ... > Enterprise Admins ... >> Logon Remotely and open the User account for Administrator and be sure ...
    (microsoft.public.windows.server.sbs)
  • Re: Terminal server profile?
    ... Computer Configuration - Administrative Templates - System - Group ... "User Group Policy loopback processing mode" ... User Configuration - Administrative templates - Windows components ... Of course I want full access to everything when an administrator ...
    (microsoft.public.windows.terminal_services)