Announcement

Collapse
No announcement yet.

Gpo not being applied to terminal server sessions

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Gpo not being applied to terminal server sessions

    We just got a new 2008 TS box and Im trying to lock it down. For some reason, the gpo isnt being applied to users when they connect to the ts. Here are the steps Ive done:
    1. Created a TS OU
    2. Created a TS security group
    3. Created a test users
    4. Put the test user in the TS security group
    5. Put the TS sercurity group in the TS OU
    6. With gpmc, created a sample gpo that locks down desktop and start menu
    7. Linked and applied that gpo to the TS OU
    When the test user logs in, the gpo isnt being applied as verified with gpresult. Thoughts?

  • #2
    Re: Gpo not being applied to terminal server sessions

    Hi,

    On first sight, on step 5 put the user objects on the OU instead of the security group. GPO user settings only apply to user objects.

    Ta
    Caesar's cipher - 3

    ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

    SFX JNRS FC U6 MNGR

    Comment


    • #3
      Re: Gpo not being applied to terminal server sessions

      But I cant take them out of their existing ou because gpo's are being applied to it. Whats the best way to apply gpo's to just terminal sessions?

      Comment


      • #4
        Re: Gpo not being applied to terminal server sessions

        You need to use GPO loopback policy processing in the GPO that's linked to the TS OU. This is the exact purpose of loopback policy processing. It basically means: "take the user settings from the GPO where the TS is and apply it to the user logging on to the TS". You can use it in what is called "replace" mode, where the user settings in the TS OU GPO replace the user settings in the user's normal GPO or you can use it in what's called "merge" mode, where the user settings from the TS OU GPO and the user's normal GPO are merged. Frankly, my recommendation would be to use it in replace mode, so that only the user settings in the TS OU GPO are applied to the user when they log on to the TS.

        Comment


        • #5
          Re: Gpo not being applied to terminal server sessions

          Works like a charm, thank you!

          Comment


          • #6
            Re: Gpo not being applied to terminal server sessions

            Glad to help.

            Comment

            Working...
            X