v-mileli wrote on 11/11/2008 05:07 ET
> Hello Simcha
>
> Thank you for posting here
>
> According to your description, I understand that
>
> The Windows Server 2008 terminal server cannot have GPOs processed in th
> SBS 2003 domain
>
> If I have misunderstood the problem, please don't hesitate to let me know
>
> Suggestions
> As far as I know, the only known issue for the Windows Server 2008 in th
> SBS domain is that you cannot add the Windows Server 2008 server via th
> ConnectComputer Wizard. You need to follow the steps described in th
> following links to add a Windows 2008 server to a SBS 2003 domain
>
> Adding a Server Running Windows Server 2008 to a Windows Small Busines
> Server 2003 Networ
> http://technet.microsoft.com/en-us/library/cc708131.asp
>
> Adding Windows Server 2008 into an SBS 2003 network
> http://blogs.technet.com/sbsaustrali...ng-windows-ser
> er-2008-into-an-sbs-2003-network.asp
>
> For the group policy objects that the Window Server 2008 server is in th
> scope of, GPOs will be processed just like other Windows Server 200
> Servers. To apply group policies only when users logon to terminal servers
> you can enable the Loopback Processing mode of group policy. Normal use
> Group Policy processing specifies that computers located in their OU hav
> the GPOs applied in order during computer startup. Users in their OU hav
> GPOs applied in order during logon, regardless of which computer they lo
> on to. The loopback group policy directs the system to apply the set o
> GPOs for the computer to any user who logs on to a computer affected b
> this policy. This means that the User Components part of group policies i
> the terminal server OU are also applied to users who logon to the server n
> matter which containers the user belongs to and where the client compute
> locates. As a result, the User Components set of group policies of the T
> OU are always applied. For more information, please refer to the followin
> Microsoft Knowledge Base article
>
> 231287 Loopback Processing of Group Polic
> http://support.microsoft.com/?id#128
>
>
> Generally speaking, to apply group policy to lock down terminal server, yo
> can perform the following steps
>
> 1. Logon as local administrator to the terminal server console
> 2. Open the Group Policy Editor to configure group policy
> 3. Go to Computer Configuration, Administrative Templates, System, an
> Group Policy
> 4. On the right double click User Group Policy loopback processing mode
> 5. Click Enabled and set Mode to Merge or Replace Mode based on you
> requirement
> 6. Click OK
> 7. Configure other group policy settings that lockdown a terminal session
> such as hide C: drive
> 8. Click Start -> Run, type CMD in the Open box and click OK
> 9. Type the following command and press Enter
> gpupdate /forc
> 10. You may run the command on both the Terminal Server and the DC. Also
> you may need to restart the Terminal Server to get the new policy
> 11. Log on to the Terminal Server in a terminal session and check if grou
> policy is applied properly
>
> Does it work now? If this problem continues, please help to collect th
> following information so that I can have a better idea as to the exac
> issue
>
> 1. What are exact GPO settings that don't get processed? Are the setting
> linked on the domain or OU? If it is OU, is the terminal server object i
> the OU
> 2. If you create a new GPO for the Window Server 2008 TS, do all setting
> in the GPO not get applied, or just some of the settings
> 3. Please collect the group policy result report on the Windows Server 200
> TS. You can use the GPMC in the Windows Server 2008 to collect the report
>
> a) On the Windows Server 2008 TS, login to the domain with administrato
> account and install the GPMC feature
> b) In the GPMC, process the Group Policy Result wizard to collect the dat
> of RSOP. Then right click the result query>Save Report to a HTML fil
> and send to me a
>
> Hope it helps. If you have any questions or concerns, please do no
> hesitate to let me know. I am glad to be of help.
>
>
> Best regards,
> Miles Li
>
> Microsoft Online Partner Support
> Microsoft Global Technical Support Center
>
> Get Secure! - www.microsoft.com/security
> =When responding to posts, please "Reply to Group" via your
> newsreader so
> that others may learn and benefit from your issue.
> =This posting is provided "AS IS" with no warranties, and confers no
> rights.
>
Same problem here with GPO, classic start menu is not enforced
Similar Threads
Linear Mode
