Re: Creating a GPO for TS lockdown

From: "Vera Noest [MVP]" <vera.noest@xxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Fri, 26 Oct 2007 13:58:39 -0700

So what's the GPO you are trying to apply?
Assuming that it is the Small Business Server Lockout Policy, then
the computer settings are applied, but not the users settings, it
seems that they are disabled.

_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___

=?Utf-8?B?Tm9uY2VudHozMDM=?=
<Noncentz303@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote on 25 okt 2007 in
microsoft.public.windows.terminal_services:

Vera,

Ok so I ran RSOP on my TS and I see the GPO I created and the TS
is in the right OU. But from the looks I have not applied it to
the server correctly. Cendrars has enlightened me to DACK config
and applying the group policy so I will read up on that.

I have removed the individual test user and added him to the
group I setup. Here are my RSOP results

Created On 10/25/2007 at 3:03:32 PM

RSOP data for MCCOYSALES\anolan on MCSVR03 : Logging Mode
----------------------------------------------------------

OS Type: Microsoft(R) Windows(R) Server
2003, Enterprise Edition
OS Configuration: Member Server
OS Version: 5.2.3790
Terminal Server Mode: Application Server
Site Name: Default-First-Site-Name
Roaming Profile: \\mcsvr03\AdminMandatory
Local Profile: C:\Documents and Settings\anolan
Connected over a slow link?: No

COMPUTER SETTINGS
------------------
CN=MCSVR03,OU=Terminal Servers,DC=mccoysales,DC=local
Last time Group Policy was applied: 10/25/2007 at 2:28:35 PM
Group Policy was applied from: mcsvr01.mccoysales.local
Group Policy slow link threshold: 500 kbps
Domain Name: mccoysales
Domain Type: Windows 2000

Applied Group Policy Objects
-----------------------------
Small Business Server Domain Password Policy
Small Business Server Client Computer
Small Business Server Remote Assistance Policy
Small Business Server Lockout Policy
Default Domain Policy
Local Group Policy

The following GPOs were not applied because they were
filtered out
-------------------------------------------------------------
------
Small Business Server Internet Connection Firewall
Filtering: Denied (WMI Filter)
WMI Filter: PreSP2

Small Business Server - Windows Vista policy
Filtering: Denied (WMI Filter)
WMI Filter: Vista

EnlightenUsers
Filtering: Not Applied (Empty)

Small Business Server Windows Firewall
Filtering: Denied (WMI Filter)
WMI Filter: PostSP2

The computer is a part of the following security groups
-------------------------------------------------------
BUILTIN\Administrators
Everyone
NT AUTHORITY\Authenticated Users

USER SETTINGS
--------------
CN=Antony
Nolan,OU=SBSUsers,OU=Users,OU=MyBusiness,DC=mccoysales,DC=loc
al Last time Group Policy was applied: 10/25/2007 at 2:28:35
PM Group Policy was applied from:
mcsvr01.mccoysales.local Group Policy slow link threshold:
500 kbps Domain Name: MCCOYSALES
Domain Type: Windows 2000

Applied Group Policy Objects
-----------------------------
Default Domain Policy
Local Group Policy

The following GPOs were not applied because they were
filtered out
-------------------------------------------------------------
------
Small Business Server Internet Connection Firewall
Filtering: Denied (WMI Filter)
WMI Filter: PreSP2

Small Business Server Lockout Policy
Filtering: Disabled (GPO)

Small Business Server Remote Assistance Policy
Filtering: Disabled (GPO)

Small Business Server Client Computer
Filtering: Not Applied (Empty)

Small Business Server - Windows Vista policy
Filtering: Denied (WMI Filter)
WMI Filter: Vista

Small Business Server Domain Password Policy
Filtering: Not Applied (Empty)

EnlightenUsers
Filtering: Not Applied (Empty)

Small Business Server Windows Firewall
Filtering: Denied (WMI Filter)
WMI Filter: PostSP2

The user is a part of the following security groups
---------------------------------------------------
Domain Users
Everyone
Offer Remote Assistance Helpers
Remote Desktop Users
BUILTIN\Users
BUILTIN\Administrators
REMOTE INTERACTIVE LOGON
NT AUTHORITY\INTERACTIVE
NT AUTHORITY\Authenticated Users
This Organization
LOCAL
Domain Admins
SBS Mobile Users
Web Workplace Users
SBS Report Users
Prophet21_Users
Offer Remote Assistance Helpers

References:
- Re: Creating a GPO for TS lockdown
  - From: leakim
- Re: Creating a GPO for TS lockdown
  - From: Noncentz303
- Re: Creating a GPO for TS lockdown
  - From: Vera Noest [MVP]
- Re: Creating a GPO for TS lockdown
  - From: Noncentz303

Prev by Date: RE: Bring window to front
Next by Date: Re: RDC 6.0 to W2K3 Server Slow (compared to 5.2)
Previous by thread: Re: Creating a GPO for TS lockdown
Next by thread: Terminal Server with SBS - Setup & licenses
Index(es):
- Date
- Thread

Relevant Pages

Re: Slow Logon related to groups - Update!
... Group Policy processing aborted. ... Small Business Server Windows Firewall ... Filtering: Denied ...
(microsoft.public.windows.server.sbs)
Re: Events 1006 (Userenv), 1030 (Userenv), 9153 (MSExchangeSA) on 2003 Server
... Check Group Policy security settings - verified, ... Small Business Server Auditing Policy ... Filtering: Denied ...
(microsoft.public.windows.server.sbs)
Events 1006 (Userenv), 1030 (Userenv), 9153 (MSExchangeSA) on 2003 Server
... Check Group Policy security settings - verified, ... Small Business Server Auditing Policy ... Filtering: Denied ...
(microsoft.public.windows.server.sbs)
Re: Unable to login into SBS 2003 Domain server
... Microsoft Windows Operating System Group Policy Result tool v2.0 ... Small Business Server Auditing Policy ... Filtering: Denied ...
(microsoft.public.windows.server.active_directory)
Re: Software installation settings not applying to one PC
... It's the 'Small Business Server Client Software Install'. ... Group Policy processing aborted. ... Microsoft Windows XP Operating System Group Policy Result tool ... Filtering: Not Applied ...
(microsoft.public.windows.group_policy)