|
|
| Next: Command line editor or script in order to add a n.. |
| Author |
Message |
Tekquest3k
External
Since: Jul 18, 2007
Posts: 2
|
 Posted: Wed Jul 18, 2007 12:18 pm Post subject: GPO force Redirect of folders on 2003 Term Server
Archived from groups: microsoft>public>win2000>group_policy (more info?) |
|
|
I have setup a OU on our Windows 2000k Server for our two new Terminal
Servers that are running 2003 OS. In active directory on my Win2k server, I
have setup a GP on OU called TS Group Policy (and placed the 2 win2003
servers in that OU) that is supposed to redirect users desktop, limit them
from shutting down server, show an active desktop, etc when they log into the
TS. Unfortunately it does not appear to be working.
Redirection Settings: Basic - redirect everyone's folder to the same location
I want to redirect desktop, start menu, etc.
Under properties I have assigned a TS Group with security rights to Read and
execute the policy.
As administrator I have run gpresult /user U5 /v while logged into the TS
server to see which gp's would be applied. I receive the following message "
The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
ts group policy
Filtering: Denied (Security)" |
|
| Back to top |
|
 |
Florian Frommherz [MVP]
External
Since: Jul 02, 2007
Posts: 14
|
Posted: Thu Jul 19, 2007 2:17 am Post subject: Re: GPO force Redirect of folders on 2003 Term Server [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?) |
|
|
Howdie!
Tekquest3k schrieb:
> I have setup a OU on our Windows 2000k Server for our two new Terminal
> Servers that are running 2003 OS. In active directory on my Win2k server, I
> have setup a GP on OU called TS Group Policy (and placed the 2 win2003
> servers in that OU) that is supposed to redirect users desktop, limit them
> from shutting down server, show an active desktop, etc when they log into the
> TS. Unfortunately it does not appear to be working.
>
> Redirection Settings: Basic - redirect everyone's folder to the same location
> I want to redirect desktop, start menu, etc.
>
> Under properties I have assigned a TS Group with security rights to Read and
> execute the policy.
Have a look at the "loopback processing mode". Your "problem" is that
you have Group Policy settings specified that are under the "User
Configuration" node of the Group Policy Editor. These settings only
apply to user objects that reside in your OU. Enabling loopback will
make computer accounts process user settings as well, see:
http://www.frickelsoft.net/blog/?p=22
cheers,
Florian
--
Microsoft MVP - Windows Server - Group Policy.
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog. |
|
| Back to top |
|
|
Tekquest3k
External
Since: Jul 18, 2007
Posts: 2
|
Posted: Thu Jul 19, 2007 12:24 pm Post subject: Re: GPO force Redirect of folders on 2003 Term Server [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?) |
|
|
Thank you for the great links and pointers. Unfortunately, it still does not
work and I did have "User Group Plicy Loopback Processing Mode" Enabled, per
another article.
If I create a new users in the TS-Servers - OU and then that user does get
the desktop redirection and other user policy settings. So, it appears as if
the Loopback is not processing.
Here is hopefully a better description of our active directory layout
thsb (default domain policy exists here)
ou=thsb_users (users are in this OU, no gpo's here)
ou=command_users (admin types in this OU, no gpo's here
ou=domain-ctrls (group of 2 ctrls which are our old Term Servers) Win2k
based
+ ou=dom_ts (3 polices are in here for when users log-in to old term
servers that I am trying to move them off of.
old_term_serv_policy, command_user_policy,
backup_ou_policy)
[Interestingly these policies DONOT have
loopback enabled,
but work!]
ou=ftp
ou=limited
ou=TS-Servers (ts group policy is defined in here. loopback enabled)
Win2003
(Properties/Security grans the user group
that I want to be
able to use the new TS servers Read and
Apply Group Policy)
I did not see any policy's / ou's that wer blocking policy inheritance
Any further thoughts or suggests?
"Florian Frommherz [MVP]" wrote:
> Howdie!
>
> Tekquest3k schrieb:
> > I have setup a OU on our Windows 2000k Server for our two new Terminal
> > Servers that are running 2003 OS. In active directory on my Win2k server, I
> > have setup a GP on OU called TS Group Policy (and placed the 2 win2003
> > servers in that OU) that is supposed to redirect users desktop, limit them
> > from shutting down server, show an active desktop, etc when they log into the
> > TS. Unfortunately it does not appear to be working.
> >
> > Redirection Settings: Basic - redirect everyone's folder to the same location
> > I want to redirect desktop, start menu, etc.
> >
> > Under properties I have assigned a TS Group with security rights to Read and
> > execute the policy.
>
> Have a look at the "loopback processing mode". Your "problem" is that
> you have Group Policy settings specified that are under the "User
> Configuration" node of the Group Policy Editor. These settings only
> apply to user objects that reside in your OU. Enabling loopback will
> make computer accounts process user settings as well, see:
>
> http://www.frickelsoft.net/blog/?p=22
>
> cheers,
>
> Florian
> --
> Microsoft MVP - Windows Server - Group Policy.
> eMail: prename [at] frickelsoft [dot] net.
> blog: http://www.frickelsoft.net/blog.
> |
|
| Back to top |
|
|
Florian Frommherz [MVP]
External
Since: Jul 02, 2007
Posts: 14
|
Posted: Fri Jul 20, 2007 8:07 am Post subject: Re: GPO force Redirect of folders on 2003 Term Server [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?) |
|
|
Howdie!
Tekquest3k schrieb:
> Thank you for the great links and pointers. Unfortunately, it still does not
> work and I did have "User Group Plicy Loopback Processing Mode" Enabled, per
> another article.
>
> If I create a new users in the TS-Servers - OU and then that user does get
> the desktop redirection and other user policy settings. So, it appears as if
> the Loopback is not processing.
You create users in the TS-Servers OU? I thought that OU would contain
those Terminal Server? If so, you should do it like this: TS-Servers OU
contains the two Terminal Servers (with loopback enabled) and another OU
with user accounts in it. User settings for the Terminal Server will be
applied to the TS-Servers OU (as well as the loopback).
>
> Here is hopefully a better description of our active directory layout
> [Active Directory Layout]
>
> ou=TS-Servers (ts group policy is defined in here. loopback enabled)
> Win2003
> (Properties/Security grans the user group
> that I want to be
> able to use the new TS servers Read and
> Apply Group Policy)
Did you wipe out the "Authenticated Users" group from the Security tab?
That could be the root of your evil. Re-add "Authenticated Users" and
apply "Read" and "Apply Group Policy" rights on the TS-Servers GP where
the user settings are.
cheers,
Florian
--
Microsoft MVP - Windows Server - Group Policy.
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog. |
|
| Back to top |
|
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
| |
|
|
Microsoft Windows (other)