Re: Windows 2000 Server GPO with Windows 2003 Server Terminal Serv

Howdie!

Daniel schrieb:
Ok, I'm thinking that Group Policy Loopback is the problem. I do not have this currently configured for anything. So, I enabled this and now Im not sure which to choose as for merge or replace. Is there a common one to use so that I can still have people locked down and have Admin account with full rights?

Merge mode simply "merges" the "User configuration" settings of the user's OU with the "User configuration" settings configured on the computer's OU. Replace mode only looks at the "USer Configuration" settings of the computer's OU. It's really depending on what you configured for your users. If there's nothing they need to have configured in the Terminal Server environment than the settings you give the TS-OU, go for Replace mode. If there are settings sticking with the user's OU that you need to preserve (startup scripts, Administrative Templates, whatever), go with merge mode.

The modes are for all users - including Admins. Excluding administrators from the restrictions you make will result in what is explained in the article I posted.

Next, if I have my Terminal Server GPO linked to the Server 2003 computer? Will all the changes I made in computer/user configuration apply to just the terminal server users or all users including admin?

So - you have the Terminal Servers OU (let's call it TS-OU) and linked a Group Policy to it - with restrictions in both user and computer configuration side and put a Server 2003 into that OU -- only the "computer configuration" settings will apply. Only loopback makes both user and computer configuration settings apply. Again, that's for all users - including the admin.

cheers,

Florian
--
Microsoft MVP - Windows Server - Group Policy.
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Use a newsreader! http://www.frickelsoft.net/news.html
.

Relevant Pages

  • Re: Non-Admins cant logon to 2kServer in App-Svr mode
    ... Do you know if there was a security template or anything locking down the ... You can run security configuration and analysis to determine the current ... system security settings, and reset any default settings that have been ... > I have not been able to connect to my Win2000 Terminal Server unless I use ...
    (microsoft.public.win2000.termserv.apps)
  • Re: Internet Explorer Search Page and Start Page
    ... User Configuration - Windows Settings - Internet Explorer ... and then link the GPO to the OU which contains the Terminal Server ...
    (microsoft.public.windows.terminal_services)
  • Re: OU GPO - Problem setting TS Profile Path for users under a specifi
    ... You are configuring settings under Computer Configuration in a GPO ...
    (microsoft.public.windows.terminal_services)
  • Re: Computer vs. User configuration
    ... "It is not that you can not configure a Group Policy with settings enabled ... Your explanation of a top level GPO with no override filtering down to ... scenario I can imagine having both user and computer configuration settings ...
    (microsoft.public.windows.group_policy)
  • Re: appsetting in class doesnt work
    ... an appsettings section. ... <!-- This section defines the logging configuration for ... Dim cnfg As System.Configuration.Configuration ... settings enter in the designer. ...
    (microsoft.public.dotnet.languages.vb)