Loopback group policies --- exclude administrators

[barabba]

Hi all,

I'm in the process of implementing terminal services in the domain I
administer.
Currently users use fat clients.

In order to allow a soft upgrade to ts, I want users to be able to
access both thin clients and terminal services. The problem was that
fat users and thin users are in different ous, each one with their own
policy settings.

To make a long story short, I enabled loopback processing mode in the
group policy the governs the computer settings of the terminal
services. I then filled the user part of this policy with the settings
for the fat clients.

Now the only problem is that both regular and domain admins are
configured which is not what I like.
Domain admins, by nature, have the following security on the newly
created policy:
- full control: none
- read: allow
- write: allow
- create all child objects: allow
- delete all child objects: allow
- apply group policy: none

so you can see that the policy is not read by domain admins. However I
googled a while and read a couple of posts recommending to tweak these
security settings. I tried to follow these tips but could not get to
anywhere.
Could somebody be so kind to tell me if what I'm trying to accomplish
is at all possible ??

Thank you so much !
Bar

 

[Guest]

Really can't figure out what you want to "accomplish", and what was your
problem at all.

If you want to perform loopback processing, follow this.

Loopback Processing of Group Policy
http://support.microsoft.com/?kbid=231287

If you want to prevent policy applying to admin accounts, read this.

How To Prevent Domain Group Policies from Applying to Administrator Accounts
and Selected Users in Windows Server 2003
http://support.microsoft.com/?kbid=816100

br,
Denis