Re: Loopback Policy Not Taking Effect

Tech-Archive recommends: Fix windows errors by optimizing your registry


Vera,

So let me get this straight before I mess this up even more.

-I created the "Terminal Servers" OU in Users and Computers and placed my
Terminal Servers in the OU

- But when I go to GP Management I am NOT supposed to link my lockdown and
loopback GPO to the "Terminal Servers" OU but to the OU that holds my TS
Accounts.

I am confused because my "Terminal Servers" OU is holding my computer
accounts for both my servers. Should I be linking my GPO to the OU that holds
all my user accounts instead... sorry I didnt clarify which OU I am linking
to?





"Vera Noest [MVP]" wrote:

You don't write to which OU you have linked the GPOs.
Both the Loopback GPO and the LOckdown GPO must be linked to the OU
which contains the Terminal Server accounts.

Also make sure that the option "disable Computer configuration" is
unchecked in both GPOs (I'm not sure of the exact wording).
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___

=?Utf-8?B?Tm9uY2VudHo=?= <Noncentz@xxxxxxxxxxxxxxxxxxxxxxxxx>
wrote on 06 jan 2009 in
microsoft.public.windows.terminal_services:

Afternoon All,

I have been throught this puzzle before only to give up because
I got to busy with other matters but I am once again going to
tackle using GPO to lockdown my TS enviorment.

I have read numerous guides outlining how this process is done
(thx to Vera for the help) using this website as a template:

http://www.msterminalservices.org/articles/Managing-Terminal-Serv
ices-Group-Policy.html

I basically finished the tutorial but I am not seeing the
expected results.

- I went into Users and Computers and created a "Terminal
Servers" OU. Put both TS servers in the group
- I went to GP Management and Created a Loopback Policy as well
ad TS Lockdown Policy and assigned them mostly Computer
Configuration ...... some User level
- When looking at the scope of my GP's I have "Authenticated
Users" being effected including myself for now.

When I loggin to my TS I see that the GPO has been applied to
all users but only the USER CONFIGURATION. It seems as though
the machine settings are being filters????? ... I have no idea
why.......

A good example:

Loopback Policy
Filtering: Not Applied (Empty)

---- I have set the loopback but it is a Computer Configuration
so it is deemed empty

I created a test user that I am logging onto the TS with but
when I run a gpresult I get this back ( Slighly Edited for
Length)

---------------------------------

USER SETTINGS
--------------
CN=Marisa
Mckenna,OU=SBSUsers,OU=Users,OU=MyBusiness,DC=mccoysales,DC=local
Last time Group Policy was applied: 1/6/2009 at 12:47:55 PM
Group Policy was applied from: mcsvr01.mccoysales.local
Group Policy slow link threshold: 500 kbps
Domain Name: MCCOYSALES
Domain Type: Windows 2000

Applied Group Policy Objects
-----------------------------
McCoy Wireless LAN Policy
Terminal Service Lockdown
Default Domain Policy
Local Group Policy

The following GPOs were not applied because they were
filtered out
-------------------------------------------------------------
------
Loopback Policy
Filtering: Not Applied (Empty)

Small Business Server - Windows Vista policy
Filtering: Denied (WMI Filter)
WMI Filter: Vista

Small Business Server Client Computer
Filtering: Not Applied (Empty)

The user is a part of the following security groups
---------------------------------------------------
Domain Users
Everyone
Remote Desktop Users
BUILTIN\Users
REMOTE INTERACTIVE LOGON
NT AUTHORITY\INTERACTIVE
NT AUTHORITY\Authenticated Users
This Organization
LOCAL
Web Workplace Users
Wireless Users
Prophet21_Users
Fluid Connector
CERTSVC_DCOM_ACCESS

You all do great work BTW... any help is greatly appreciated.

Noncentz

.

Relevant Pages

  • Re: Loopback Policy Not Taking Effect
    ... Have you rebooted your servers yet? ... Terminal Servers in the OU ... loopback GPO to the "Terminal Servers" OU but to the OU that holds my TS ... ad TS Lockdown Policy and assigned them mostly Computer ...
    (microsoft.public.windows.terminal_services)
  • Re: Group Policy Management Console or Gpedit.msc
    ... Group Policy Management Console in a domain environment (if ... Create an OU to contain a set of Terminal Servers ... Create a GPO called "TS Machine Policy" linked to the OU ... Check "Disable Computer Configuration settings" on these GPO ...
    (microsoft.public.windows.group_policy)
  • RE: Loopback process doesnt work
    ... Create an OU to contain a set of Terminal Servers ... Enable Loopback Policy Processing in the GPO ... Edit the Security on these User Configuration GPOs so Apply Policy is ...
    (microsoft.public.windows.terminal_services)
  • RE: No Outlook Email via RDP
    ... Thank you Patrick I appreciate your help. ... those using TS could not login to Outlook. ... Create an OU to contain a set of Terminal Servers ... Enable Loopback Policy Processing in the GPO ...
    (microsoft.public.windows.terminal_services)
  • Re: Group Policy terminal Server
    ... I also created a new group with the 3 terminal servers ... I added these 4 groups to the Terminal Server Policy, ... >> Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA ... >>> the UK, Germany and Holland, and the members of these groups are the ...
    (microsoft.public.windows.server.active_directory)