Announcement

Collapse
No announcement yet.

Group Policy not applying to New Terminal Servers in Win 2012 R2

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Group Policy not applying to New Terminal Servers in Win 2012 R2

    HELP!
    We are in the process of moving from Windows 2003 to Windows 2012 R2. Our users login to Terminal Servers.

    I'm working from the new domain controllers in Win 2012 R2. The Old Group Policy is still working from the new domain controller which applies to windows 2003 Terminal Servers. The New GP is not applying to the New Win 2012 R2 servers.

    I need to know how to setup the group Policy I created to get applied to users who login to the New Terminal Servers.

    I set up the new Terminal Server GP exactly like the old Terminal Server GP (as far as I can tell). And the NEW TS GP does not apply when a user logs in the New TS. The old GP is still working and getting applied. What am I missing??!!

    Active Directory Structure:
    1. OU for all my Users (with sub OUs)
    2. OU for Security Groups
    3. OU for OLD Terminal Servers
    4. OU for NEW Terminal Servers

    OU for Security Groups (Global) contains:
    1. Old TS Users
    2. New TS Users

    Group Policies
    1. Old TS Server Group Policy
    2. NEW TS Server Group Policy

    Computers:
    1. TS1-Old
    2. TS2-New


    How Group Policies are setup.
    1. Old TS Server Group Policy
    o Security Filtering Window contains:
    § TS1-Old
    § Old TS Users (Global Security Group)
    o The Delegation Advanced Window has “Apply GP” and “Read” permissions for both of these
    2. New TS Server Group Policy
    o Security Filtering Window contains:
    § TS2-New
    § NEW TS Users (Global Security Group)
    o The Delegation Advanced Window has “Apply GP” and “Read” permissions for both of these



    Things I’ve done:
    Gpupdate
    Gpresult /v
    Restart Servers
    Read tons of articles trying to see if there is something I’m missing.

  • #2
    Re: Group Policy not applying to New Terminal Servers in Win 2012 R2

    It's not clear to me exactly how your OU's and GPO's are structured and linked but I'll say this:

    Computer Configuration settings are applied to Computer objects from GPO's linked to the OU's where the Computer objects reside.

    User Configuration settings are applied to User objects from GPO's linked to the OU's where the User objects reside.

    If you are trying to apply GPO settings to users in a GPO linked to the Computer object OU then you need to configure the GPO to use Loopback Policy Processing in Merge or Replace mode. This instructs the GPO "engine" to apply the User settings from the computer linked GPO to users logging on to those computers, either replacing the users normal GPO's or merging with the users normal GPO's.

    Comment


    • #3
      Re: Group Policy not applying to New Terminal Servers in Win 2012 R2

      That was it!! Thanks!

      It was the one setting I missed in my new GP.

      Here it is for anyone else that needs it:
      Computer Configuration\Policies\Administrative Templates\System\Group Policy,
      and then double-click User Group Policy Loopback Processing Mode.

      I had to set this to Merge.

      Comment


      • #4
        Re: Group Policy not applying to New Terminal Servers in Win 2012 R2

        Glad to help.

        Comment

        Working...
        X