Re: TS Security settings

From: Cary Shultz [A.D. MVP] (cwshultz_at_mvps.org)
Date: 07/15/04 

Date: Thu, 15 Jul 2004 02:04:30 -0400

B,

I believe that the original poster is following the Microsoft prescribed
method of locking down a Terminal Server. Please take a look at the
following MSKB Article:

http://support.microsoft.com/?id=278295

Essentially you are using GPO Loopback Processing in replace mode. This is
generally a very good way to do things.

I think that his problem is that he is not removing the Authenticated Users
group from the security of the GPO and might not be giving the manually
configured security group the 'Read' rights ( he has stated that he has
granted the 'Apply Group Policy' rights ). He needs both. BTW - this is a
very basic concept within GPO. It is called filtering. You remove the
Authenticated Users from the security and replace it with a security group
of your creating that has as members the user account objects that you want
affected by this GPO...

HTH,

Cary

"B" <anonymous@discussions.microsoft.com> wrote in message
news:2da4401c469f8$6f9702b0$a301280a@phx.gbl...
> Why do you have the Terminal Server in the group policy?
> Just make an OU in active directory for TS users. Then
> Put the users that you want into that OU. Create a GPO
> with the settings you want for just that OU.
> Sounds simple huh?
>
> >-----Original Message-----
> >I have an OU with a Terminal Server in it. I have a GPO
> >set up for that OU. I also have a group of users set up
> >called TS Users. When I go to the properties of that
> >group policy and check "Apply Group Policy" to the TS
> >Users group my Group Policy does not work when one of
> >those users logs in (the" Apply Group Policy" box is
> >unchecked for Authenitcated Users). Yet when I check
> >the "Apply Group Policy" box for Authenticated Users the
> >Group Policy works. But this isn't what I want because
> it
> >also applies the Group Policy to Administrators. Can
> >someone please explain to me how to apply my Group
> Policy
> >to only the TS Users group not all users. Thanks in
> >advance.
> >.
> >

Relevant Pages

  • Re: Applying Group Policy to domain user on Terminal Server
    ... I am still a little stuck however as the GPO ... TS-GPO and not the local GPO on the Terminal Server ... is in there under the group policy tab. ... TS and the test user. ...
    (microsoft.public.windows.terminal_services)
  • Re: GPO testing
    ... Group policy actually has nothing to do with groups. ... NOT work if user account is not in OU where GPO is linked? ... I put the users into a security group under the OU. ... - In Active Directory Users and Computers created an OU under the ...
    (microsoft.public.windows.group_policy)
  • Re: GPO testing
    ... If I go into Active Directory Users and Computers -> Users and right click on a user and then go to "Add to group.." ... Group policy actually has nothing to do with groups. ... GPO will NOT work if user account is not in OU where GPO is linked? ... I put the users into a security group under the OU. ...
    (microsoft.public.windows.group_policy)
  • Re: GPO testing
    ... Here are the steps I used to create and link the GPO: ... Placed two users in the security group Test Group. ... Went to GPMC and right clicked on Group Policy Results and selected ... Test Group on my XP workstation. ...
    (microsoft.public.windows.group_policy)
  • Re: Choosing Profile or Policy?
    ... Domain User GPO, so that OU GPO will always win and users loggin in to TS ... I have created an OU = TERMINAL SERVER USERS, that contains a group named TS ... Menu, Etc using Group Policy. ... Once in there just use the Basic - Redirect everyones option. ...
    (microsoft.public.windows.terminal_services)
Loading