Re: Windows 2000 Server GPO with Windows 2003 Server Terminal Serv
- From: Daniel <Daniel@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 10 Mar 2008 08:30:01 -0700
Thanks for your help. I finally got it working..
"Daniel" wrote:
Ok, I guess the next big question is how do I apply group policy for all my.
terminal server users without effecting the administrator account. In my
group policy object I just have the User side of things configured. The only
thing in the computer side would be to enable Loopback processing.
Could I apply group policy to a computer and on that local computer block
that policy for just the Administrator account?
I'm not sure how this was previously done. The previous admin couldn't
remember what he done to get this working.
Thanks again for your help. I think i am on the edge of getting this taking
care of. It seem like there might be only a step or two away from
accomplishing this.
"Florian Frommherz [MVP]" wrote:
Howdie!
Daniel schrieb:
Ok, I'm thinking that Group Policy Loopback is the problem. I do not have
this currently configured for anything. So, I enabled this and now Im not
sure which to choose as for merge or replace. Is there a common one to use
so that I can still have people locked down and have Admin account with full
rights?
Merge mode simply "merges" the "User configuration" settings of the
user's OU with the "User configuration" settings configured on the
computer's OU. Replace mode only looks at the "USer Configuration"
settings of the computer's OU. It's really depending on what you
configured for your users. If there's nothing they need to have
configured in the Terminal Server environment than the settings you give
the TS-OU, go for Replace mode. If there are settings sticking with the
user's OU that you need to preserve (startup scripts, Administrative
Templates, whatever), go with merge mode.
The modes are for all users - including Admins. Excluding administrators
from the restrictions you make will result in what is explained in the
article I posted.
Next, if I have my Terminal Server GPO linked to the Server 2003 computer?
Will all the changes I made in computer/user configuration apply to just the
terminal server users or all users including admin?
So - you have the Terminal Servers OU (let's call it TS-OU) and linked a
Group Policy to it - with restrictions in both user and computer
configuration side and put a Server 2003 into that OU -- only the
"computer configuration" settings will apply. Only loopback makes both
user and computer configuration settings apply. Again, that's for all
users - including the admin.
cheers,
Florian
--
Microsoft MVP - Windows Server - Group Policy.
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Use a newsreader! http://www.frickelsoft.net/news.html
- References:
- Re: Windows 2000 Server GPO with Windows 2003 Server Terminal Server
- From: Jorge Silva
- Re: Windows 2000 Server GPO with Windows 2003 Server Terminal Serv
- From: Daniel
- Re: Windows 2000 Server GPO with Windows 2003 Server Terminal Serv
- From: Florian Frommherz [MVP]
- Re: Windows 2000 Server GPO with Windows 2003 Server Terminal Serv
- From: Daniel
- Re: Windows 2000 Server GPO with Windows 2003 Server Terminal Serv
- From: Florian Frommherz [MVP]
- Re: Windows 2000 Server GPO with Windows 2003 Server Terminal Serv
- From: Daniel
- Re: Windows 2000 Server GPO with Windows 2003 Server Terminal Server
- Prev by Date: Re: AD defaults to wrong child domain
- Next by Date: Re: users' last-logon-timestamp
- Previous by thread: Re: Windows 2000 Server GPO with Windows 2003 Server Terminal Serv
- Next by thread: Contents of Sysvol Policies folder different on 2 DCs
- Index(es):
Relevant Pages
|
