Announcement

Collapse
No announcement yet.

Using two Group Policies for Terminal Server Access

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Using two Group Policies for Terminal Server Access

    I am having great trouble trying to restrict the desktop on a Terminal Server using Group Policy without it affecting the XP desktop after intial domain login.

    Basically, I want all users to log in to the domain on their XP machines and then when they establish a RDP connection to my Terminal Server I want the desktop to be restricted.

    At the moment, either of the two Group Policies can take preference,l but not the way I want them to. I know that I can set the Policy to apply to the Terminal Server specifically and I can set the policy to 'replace' over 'merge', but I am having no success.

    Is there an 'idiots guide' to the best way to do it ?

    Thanks for your help

  • #2
    Re: Using two Group Policies for Terminal Server Access

    In my opinion, the easiest way to accomplish what you want is to apply the restrictive GPO on the same users, but only when they login to the TS server, by using the Security Filtering.

    Related articles:
    - http://technet2.microsoft.com/Window....mspx?mfr=true
    - http://technet2.microsoft.com/Window....mspx?mfr=true

    Is this what you were looking for?

    Sorin Solomon


    In order to succeed, your desire for success should be greater than your fear of failure.
    -

    Comment


    • #3
      Re: Using two Group Policies for Terminal Server Access

      Yes, I think this should do the trick. I was in the right ball park, but just needed a guiding hand to point me in the right direction

      Thanks for replying

      Comment


      • #4
        Re: Using two Group Policies for Terminal Server Access

        Still confused,

        I have followed the articles, but still its not sinking in.

        My default domain policy applies to Authenticated Users and then my 'Terminal Server' policy has been applied to both the Terminal Server itself and the Remote Desktop User Group separatly, but it is still not working as I want it to.

        It's as if I need to set priorities on the Policies, so that the Default Domain Policy takes preference, and then subsquently, any connection to the Terminal Server then uses the other policy. I think that is where the Security Filtering comes in, but I am obviously missing something

        Comment


        • #5
          Re: Using two Group Policies for Terminal Server Access

          At the moment, sounds like you need to see what GPOs are applied to the user. Maybe there is an issue of precedence.
          Run gpresult > c:\gpos.txt from the command line, while logged in as a user in TS and post the TXT file. Erase any data you don't want made public from there...

          Sorin Solomon


          In order to succeed, your desire for success should be greater than your fear of failure.
          -

          Comment


          • #6
            Re: Using two Group Policies for Terminal Server Access

            I think that what John actually needs,
            is to link the "Desktop Restricting" GPO only to the container (OU) where the TS box is in, and set that GPO for Loopback processing.
            check out: http://support.microsoft.com/kb/231287 for more info.

            Good Luck!
            Martin77.

            Comment


            • #7
              Re: Using two Group Policies for Terminal Server Access

              block inheritence on the OU, make sure the GP links are not set to enforce higher up.

              You can then start with a fresh GP link.

              Use the GPMC to ease management and give you a better 'view' on whats happening, also get to RSOP is a great tool to fins out what policys are affecting which users/machines, which one wins etc

              STi

              Comment

              Working...
              X