A single machine

[Simple Simon]

Been trying to get to grips with this problem for the past few days now.

I need to be able to apply 'user based policies' (Start Menu restrictions
and the like) to a single computer. However, my user objects are placed
separately within another OU and I want these restrictions to apply only
when the users login to a Terminal Services session running on a dedicated
server. I do not wish these restrictions to apply when they login to their
own individual PCs.

I have been experimenting with Group Policy Loopback with a vague
understanding that this might apply the 'user policies' to anyone that logs
into the machine objects OU, but this appeared not to work.

Local machine based policies work with the understanding that a domain based
policy should override these settings for a select number of users (admins,
etc), but again, this appears not to work!

Any help would be greatly appreciated!

Regards,


S.

 

[Darren Mar-Elia]

Simon-
Loopback is definitely what you want here, so we should try to figure out
why its not working. I presume that you have enabled loopback policy
(usually best to set the replace rather than merge feature) on a GPO linked
to the OU where your Terminal Server computers reside? If so, then try
running gpresult on one of those TS machines and verify that its receiving
the loopback policy. Next, tell us where you're setting the user
policy--presumably in the same GPO as where loopback is set?

 

[Simple Simon]

I have set loopback within a GPO linked to the OU containing a single TS
computer object. I have set the required user policy elements within the
same GPO - I have no user objects within this dedicated TS OU.

When logging into a TS session it appears not to set any of the user
policies. Having run a gpresult within my session, it would appear that the
computer policy is applied, but no user policy relating to the TS GPO.