GPO not applied to new OU for TS

[Guest]

I am trying to have a GPO apply to my Term Svr's only
looked at both Q231287 and Q260370

So I made an additional OU ..call in Termsvr
moved my term server to it (Termsvr1)
then I made a new GPO for the OU=TERMSVR
just as a test tried to remove the RUN from Start

NG

But if I move the TS (termsvr1) back to the main site
and do a GPO with removing RUN from start

OK

could someone give me a clue as to what I am missing here

thanks
bill

 

[Steven L Umbach]

The configuration you did was user configuration, so either the user that
you logged on with must also be in the container or loopback processing
needs to be enabled for that GPO. Note that changes are not immediate and
that you may need to use secedit to speed up the policy propagation for user
or computer as the case may be. Gpresult support tool can also be helpful in
determining what is going on by displaying the container that the
user/computer is in and the policies that are applied and the last time they
were applied. --- Steve

 

[Guest]

Steve Im a little confused..
Why would the TS listen to the main GPO on the SITE
if the TS was under Computers normally

BUT
not to the GPO on the OU that the TS was moved under?

thx
bill

 

[Steven L Umbach]

Did you configure loopback processing for the GPO that you created for the
OU that you moved the TS into? The other thing I would try is to move the TS
into your new OU, refresh Group Policy on the domain controller and then run
gpresult on the TS. View the results to see if it reports that the TS is in
the new OU and that the GPO from the new OU is applying to it. If it is then
try seeing if the policy applies to a user logging onto the GPO. You may
need to try logging on and off a couple of times. Running gpresult again
while logged on as the user will tell want user configuration policies are
applying to the user. I would also check Event Viewer on your TS to see if
any pertinent errors are reported and run the netdiag support tool on it
looking for any problems relating to dns, dclist, kerberos, and trust/secure
channel. -- Steve

 

[Guest]

thanks Steve

Yeh I setup the Loopback on the TS and that seemed to do it
it Started listening to the GPO on the TERMSVR = OU

I was just kinda of curious why the TS wouldl isten to the main GPO on the
site when it was under COMPUTERS and once I moved it to the OU it did not
listen tot he OU's GPO

Just trying to get a little better understanding of the GPO High archy etc..?

thanks
bill

 

[Steven L Umbach]

Hi Bill.

I am a bit confused. It still is not working in the TERMSVR = OU?? If not
it may help to make a few more changes to user configuration it to see if
that motivates it to work. When you look at the Group Policy properties it's
revisions for user should be greater than zero. Also if you have an XP Pro
computer in the domain you can use the Group Policy Management Console which
is terrific for managing and troubleshooting Group Policies. If you do that
be sure that the XP Pro computer is secure as you will need to logon to it
as a domain admin to get it to work. I would also run the netdiag support
tool on the TS server to see if it reports any problems related to dns,
dclist, kerberos, or trust/secure channel. Such problems can cause Group
Policies to not apply as intended. --- Steve

http://www.microsoft.com/windowsserver2003/gpmc/default.mspx -- Group
Policy Mangement Console.