Re: Run application on remote login

Click advanced so you can get to the full security interface.

Jeff Pitsch
Microsoft MVP - Terminal Services

nigel wrote:
I have administrators added but in the Delegation tab on default Domain Policy in group policy management where administrators is listed, allowed permissions are Read (from security filtering) right click gives options 'Read, Edit settings, Edit settings, delete , modify' but nothing to say 'deny apply this policy'.

Nigel

"Jeff Pitsch" wrote:

If you're using the default GPO editor, I believe you need to go to view, advanced features to see the security tab. But the GPMC is much better so I would recommend getting that instead.

Jeff Pitsch
Microsoft MVP - Terminal Services

Vera Noest [MVP] wrote:
Have you downloaded the Group Policy Management Console? I can only give instructions for the GPMC, since installing it disables the built-in GP editor in AD Users and Computers.

There should be a window pane at the right side (lower half), called "Security filtering". Beneath that pane, there's a button "Add". Add the Administrator account. Then click on the button "Delegation" at the top of the right window pane to modify the security settings.

Download GPMC:
http://www.microsoft.com/windowsserver2003/gpmc/default.mspx
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___

=?Utf-8?B?bmlnZWw=?= <nigel@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote on 03
jan 2009 in microsoft.public.windows.terminal_services:

Thanks I had got as far as the loopback. Following kb81600 I
can't see when, in group policy management I've selected default
domain policy, where to get the properties / security tab
options per step 4 & 5


"Vera Noest [MVP]" wrote:

Configure the setting "Start a program on connection" as a User Configuration (it exists both under User and Computer
Configuration), configure loopback processing of the GPO:

Computer Configuration - Administrative Templates - System -
Group Policy
"User Group Policy loopback processing mode" - "Replace"

and link it to the OU which contains the Terminal Server (not
the user accounts!).
Then modify the rights for Administrators on the GPO: select "Deny" for the right to "Apply this policy"

816100 - How To Prevent Domain Group Policies from Applying to Administrator Accounts and Selected Users in Windows Server
2003 http://support.microsoft.com/?kbid=816100

231287 - Loopback Processing of Group Policy http://support.microsoft.com/?kbid=231287
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___

=?Utf-8?B?bmlnZWw=?= <nigel@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote on
02 jan 2009 in microsoft.public.windows.terminal_services:

have successfully got program to run when remote user
connects through RDP using Group Policy. However, the same
happens for Administrator login, which then stops any remote
administration of the server! How can I confgure for users
to run the program but not the administrator account.

Windows server 2003 standard SP2 , terminal services 5 cal
licence.
.

Loading