Re: GP/OU Problem/Question



Mm, this should work, and you should not need to put the user
account in the TerminalServers OU.
Run gpupdate /force on the TS (although I don't think it will help,
it should have been updated by now). But when you make a change to
the GPO, you have to run gpupdate on the TS, not on the DC.

To troubleshoot, run Resultant Set of Policies with the testuser
account and the TS, to check which policies are applied, and in
which order.
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
*----------- Please reply in newsgroup -------------*

compsosinc@xxxxxxxxx wrote on 15 feb 2008:

In a VirtualPC setup (test lab), I am using Windows 2003 Server
as a DC and a separate Windows 2003 member server as the TS. I
am having a problem getting any Group Policy changes to take
effect for an XP Pro client that logs into the TS --using what I
thought was the proper method of setting this up. Here are my
notes on what I have done so far:

1. Create OU & GPO for the TS:
a. In AD of DC, create an OU called: 'Terminal Servers'
b. Move TS machine into this OU.
c. Right click 'Terminal Servers' OU, and go to properties.
Click on GP tab
d. Click 'New' and name GP (ex, TS Users GP)

2. Create TestUser(s) in AD:

a. Create username/password (ex., TestUser1)
b. Ensure that TestUser1 is a member of Domain Users &
Remote Desktop Users
- If creating a separate Security Group for 'TS Users', do not
make user member of RDU. Make the Security group (Step 3) member
of RDU.

3. Create Security Group for TS Users & TS desktop

a. Create a new Security group called 'TS Users' in AD.
b. Ensure the 'TS Users' group is a member of RDU group.
c. Populate the 'TS Users' group with the user account(s)
--here, the Testuser1 account
d. Test login to the TS with a user account = ok

4. Edit GPO & Setup Edit for test:

a. In the User Configuration of the GPO, enabled "Remove My
Computer" icon from Start menu
b. Enabled loopback processing
c. On the Security Tab of the GP, added the TS Machine and the
'TS Users' Security group with Read & Apply settings
d. Gpupdate /force on DC


Problem:

The edit to the GP does not work... the 'My Computer' icon remains
when I log in to the TS from the XPP client. I had begun with
Folder redirection and it wasn't working so I tried something
simpler.

Resolution?

Based on what I read in a NG posting, I moved my 'Testuser1'
user account into the OU with the TS machine and the GP works!
Everything (most anyway) I researched prior to this setup
indicated to not put the user accounts into the new OU. If I
move the Security Group I created into the OU (of which
TestUser1 is a member of) the GP does not work...

What is the correct way to apply a GP to a group of Users, such
as the group 'TS Users'?
PS I also read the article "Understanding Group Policy in a TS
Environment" in which two GPOs are linked to the new OU - one for
the machine & one for the user configuration. Is this a better
method?

Confused!
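
A simplified model of how a GPO's User Configuration is scoped, covering the cases in this thread (user outside the OU, user moved in, group moved in, loopback). This is an added illustration, not code from either poster. The computer name TS1, the "Users" location, and the `ts_refreshed` flag (standing for "the TS has processed its computer policy since loopback was enabled") are assumptions; sites, domain-level links, inheritance blocking and merge/replace mode are left out.

```python
from dataclasses import dataclass

@dataclass
class Gpo:
    linked_ou: str
    apply_to: set      # principals granted Read + Apply Group Policy
    loopback: bool     # loopback enabled under Computer Configuration

def in_scope(ou, linked_ou):
    # A link reaches objects in the linked OU and in its child OUs.
    return ou == linked_ou or ou.startswith(linked_ou + "/")

def passes_filter(gpo, principal, member_of):
    # Security filtering: the principal or one of its groups must be listed.
    return bool(({principal} | member_of.get(principal, set())) & gpo.apply_to)

def user_settings_apply(gpo, user, computer, ou_of, member_of, ts_refreshed=True):
    """Why the GPO's User Configuration reaches `user` on `computer`, or None."""
    if not passes_filter(gpo, user, member_of):
        return None
    # Normal processing: only the location of the user object counts,
    # never the location of a group the user belongs to.
    if in_scope(ou_of[user], gpo.linked_ou):
        return "user object in scope"
    # Loopback is a computer setting: the computer must be in scope, pass
    # the filter, and have actually processed the GPO.
    if (gpo.loopback and ts_refreshed
            and in_scope(ou_of[computer], gpo.linked_ou)
            and passes_filter(gpo, computer, member_of)):
        return "loopback on computer"
    return None

def scenarios():
    # Constructed lab layout mirroring the post.
    member_of = {"TestUser1": {"TS Users", "Domain Users"}}
    base = {"TestUser1": "Users", "TS Users": "Users", "TS1": "Terminal Servers"}
    acl = {"TS1", "TS Users"}
    loop = Gpo("Terminal Servers", acl, loopback=True)
    plain = Gpo("Terminal Servers", acl, loopback=False)
    user_moved = dict(base, TestUser1="Terminal Servers")
    group_moved = dict(base, **{"TS Users": "Terminal Servers"})
    who = ("TestUser1", "TS1")
    return {
        "loopback, TS not refreshed": user_settings_apply(loop, *who, base, member_of, ts_refreshed=False),
        "loopback, TS refreshed": user_settings_apply(loop, *who, base, member_of),
        "user moved into OU": user_settings_apply(plain, *who, user_moved, member_of),
        "group moved into OU": user_settings_apply(plain, *who, group_moved, member_of),
    }

if __name__ == "__main__":
    for case, reason in scenarios().items():
        print(f"{case:28} -> {reason}")
```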