GPO force Redirect of folders on 2003 Term Server

G

Guest

I have setup a OU on our Windows 2000k Server for our two new Terminal
Servers that are running 2003 OS. In active directory on my Win2k server, I
have setup a GP on OU called TS Group Policy (and placed the 2 win2003
servers in that OU) that is supposed to redirect users desktop, limit them
from shutting down server, show an active desktop, etc when they log into the
TS. Unfortunately it does not appear to be working.

Redirection Settings: Basic - redirect everyone's folder to the same location
I want to redirect desktop, start menu, etc.

Under properties I have assigned a TS Group with security rights to Read and
execute the policy.

As administrator I have run gpresult /user U5 /v while logged into the TS
server to see which gp's would be applied. I receive the following message "
The following GPOs were not applied because they were filtered out
 
F

Florian Frommherz [MVP]

Howdie!
I have setup a OU on our Windows 2000k Server for our two new Terminal
Servers that are running 2003 OS. In active directory on my Win2k server, I
have setup a GP on OU called TS Group Policy (and placed the 2 win2003
servers in that OU) that is supposed to redirect users desktop, limit them
from shutting down server, show an active desktop, etc when they log into the
TS. Unfortunately it does not appear to be working.

Redirection Settings: Basic - redirect everyone's folder to the same location
I want to redirect desktop, start menu, etc.

Under properties I have assigned a TS Group with security rights to Read and
execute the policy.
Click to expand...

Have a look at the "loopback processing mode". Your "problem" is that
you have Group Policy settings specified that are under the "User
Configuration" node of the Group Policy Editor. These settings only
apply to user objects that reside in your OU. Enabling loopback will
make computer accounts process user settings as well, see:

http://www.frickelsoft.net/blog/?p=22

cheers,

Florian
 
G

Guest

Thank you for the great links and pointers. Unfortunately, it still does not
work and I did have "User Group Plicy Loopback Processing Mode" Enabled, per
another article.

If I create a new users in the TS-Servers - OU and then that user does get
the desktop redirection and other user policy settings. So, it appears as if
the Loopback is not processing.

Here is hopefully a better description of our active directory layout

thsb (default domain policy exists here)
ou=thsb_users (users are in this OU, no gpo's here)
ou=command_users (admin types in this OU, no gpo's here
ou=domain-ctrls (group of 2 ctrls which are our old Term Servers) Win2k
based
+ ou=dom_ts (3 polices are in here for when users log-in to old term
servers that I am trying to move them off of.
old_term_serv_policy, command_user_policy,
backup_ou_policy)
[Interestingly these policies DONOT have
loopback enabled,
but work!]
ou=ftp
ou=limited
ou=TS-Servers (ts group policy is defined in here. loopback enabled)
Win2003
(Properties/Security grans the user group
that I want to be
able to use the new TS servers Read and
Apply Group Policy)

I did not see any policy's / ou's that wer blocking policy inheritance

Any further thoughts or suggests?
 
F

Florian Frommherz [MVP]

Howdie!
Thank you for the great links and pointers. Unfortunately, it still does not
work and I did have "User Group Plicy Loopback Processing Mode" Enabled, per
another article.

If I create a new users in the TS-Servers - OU and then that user does get
the desktop redirection and other user policy settings. So, it appears as if
the Loopback is not processing.
Click to expand...

You create users in the TS-Servers OU? I thought that OU would contain
those Terminal Server? If so, you should do it like this: TS-Servers OU
contains the two Terminal Servers (with loopback enabled) and another OU
with user accounts in it. User settings for the Terminal Server will be
applied to the TS-Servers OU (as well as the loopback).
Here is hopefully a better description of our active directory layout
[Active Directory Layout]

ou=TS-Servers (ts group policy is defined in here. loopback enabled)
Win2003
(Properties/Security grans the user group
that I want to be
able to use the new TS servers Read and
Apply Group Policy)
Click to expand...

Did you wipe out the "Authenticated Users" group from the Security tab?
That could be the root of your evil. Re-add "Authenticated Users" and
apply "Read" and "Apply Group Policy" rights on the TS-Servers GP where
the user settings are.

cheers,

Florian
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

GPO IE Zone Mapping issue on TS 2
Group Policy for Terminal Server not working 2
GP for Terminal Server, why is it not being applied? 2
GPO and Terminal Servers 1
TS & GPO for Large Companies 1
Active Directory Group Policies not showing in Group Policy editor 2
Terminal server policy 1
New GPO are failing 4

Top