Configuring profiles

J

jude

Hello, I am in the process of installing a new Win2K3 network, with one
server for active directory, and one server for applications. One
application will be run under terminal services. I am thinking that a
good setup would be to create a terminal services OU for the 7 users.
Then I can apply policies to the OU. The clients would log onto the
domain, and then invoke a term. services session; thereby preventing
any conflict with their domain profile and a term. services profile.
Does anyone have any feedback for me on this scenario? Thanks, Jude
 
V

Vera Noest [MVP]

Yes, you need a separate OU.
Be sure to put the TS server object in the OU, *not* the user
accounts. And use loopback processing of the GPO.

More details here:
http://ts.veranoest.net/
Choose "Group Policies" in the menu
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
 
R

Rob S

On 30 May 2006 13:38:50 -0700, "(e-mail address removed)"

-Hello, I am in the process of installing a new Win2K3 network, with one
-server for active directory, and one server for applications. One
-application will be run under terminal services. I am thinking that a
-good setup would be to create a terminal services OU for the 7 users.
-Then I can apply policies to the OU. The clients would log onto the
-domain, and then invoke a term. services session; thereby preventing
-any conflict with their domain profile and a term. services profile.
-Does anyone have any feedback for me on this scenario? Thanks, Jude


We do something similar. Points to note:

Use different user names for the users "windows" id, and their terminal services
one, so the windows ones don't get effected by the policies on the OU

If you put a policy on the OU, and then put the users in it, only the User
configuration is acted upon, the Computer Config is ignored.

This may help
http://www.microsoft.com/windowsserver2003/techinfo/overview/lockdown.mspx

regards
-Rob
-Rob
robatwork at mail dot com
 
V

Vera Noest [MVP]

You can avoid creating multiple user accounts, when you use
loopback processing of the GPO, and link the GPO to the OU which
contains the Terminal Server machine accounts, *not* the user
accounts.
Loopback processing is especially created for this situation.

260370 - How to Apply Group Policy Objects to Terminal Services
Servers
http://support.microsoft.com/?kbid=260370

231287 - Loopback Processing of Group Policy
http://support.microsoft.com/?kbid=231287
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Licensing W2K TS in Windows 2003 Domain/Forest 2
Relocate terminal server - 2. time 1
Changing the default location for user profiles 3
Interactive Login 4
startup and shutdown 3
session settings... 7
TS licensing 5
Upgraded to Win2003; how to get this to work with a Win2000 DC Terminal Services Server ? 3

Top