D
Drazen
First I created new OU - "Terminal users", put all TS users
in that OU. Then I assigned group policy object to that OU
following article http://support.microsoft.com/default.aspx?scid=kb;en-us;278295
on Microsofts knowledgebase.
The only settings I left out was those computer related and
folder redirection. Then I tried to log in as one of TS users and the
desktop was locked down as it should be. However, after some time
I tried to login again as that user and the desktop was unrestricted!
Then I "touched" the GPO settings (applying the same setting for one
policy as it already had), tried to log in as same user and got locked
down desktop.
And finally after some time I tried to log in as that user and
got unrestricted desktop again :-(
Why is this happening? Also I tried to turn on "Block policy
inheritance".
The user in question has "Domain admin" privileges. Could that
interfere with GPO settings? Everything is happening on w2000 DC.
Drazen
in that OU. Then I assigned group policy object to that OU
following article http://support.microsoft.com/default.aspx?scid=kb;en-us;278295
on Microsofts knowledgebase.
The only settings I left out was those computer related and
folder redirection. Then I tried to log in as one of TS users and the
desktop was locked down as it should be. However, after some time
I tried to login again as that user and the desktop was unrestricted!
Then I "touched" the GPO settings (applying the same setting for one
policy as it already had), tried to log in as same user and got locked
down desktop.
And finally after some time I tried to log in as that user and
got unrestricted desktop again :-(
Why is this happening? Also I tried to turn on "Block policy
inheritance".
The user in question has "Domain admin" privileges. Could that
interfere with GPO settings? Everything is happening on w2000 DC.
Drazen