New OU GPO fro Terminal Server

Discussion in 'Active Directory' started by slawrie, Dec 13, 2004.

  1. slawrie

    slawrie Guest

    I have a SBS 2003 server and a Windows 2003 terminal server. I have
    configured a Terminal Servers OU and created a new group policy. When I check
    the GPO for the OU the Link Order= 1;Enforced= Yes;Link Enabled= Yes;GPO
    Status= Enabled. Under Group Policy Inheritance the new GPO is listed as
    Enforced and is 1 in the Precedence.
    Does anyone have any ideas or troubleshooting techniques to help gigure out
    what I am missing.

    Thanks,

    Steve
     
    slawrie, Dec 13, 2004
    #1
    1. Advertisements

  2. slawrie

    John Powell Guest

    John Powell, Dec 13, 2004
    #2
    1. Advertisements

  3. slawrie

    slawrie Guest

    I see it is a little vague....Bottom line....the changes I made to the gpo
    are working. I have a terminal server access group that is allowed to logon
    to the member server/terminal server. The terminal server itself is placed in
    a newly created Terminal Servers OU to which the policy is applied. Loopback
    processing replace mode is enabled.
    I will take a look at the links you sent.

    Thanks,

    Steve
     
    slawrie, Dec 13, 2004
    #3
  4. Hi Steve

    If you're saying that the policy doesn't apply as expected and you want to
    troubleshoot it, you can enable user environment debug logging and that'll
    tell you which policies are applying from where, which ones were in the
    scope of management but not applied and why ...

    221833 How to enable user environment debug logging in retail builds of
    Windows
    http://support.microsoft.com/?id=221833

    Kind regards
    --
    Mark Renoden [MSFT]
    Windows Platform Support Team
    Email:

    Please note you'll need to strip ".online" from my email address to email
    me; I'll post a response back to the group.

    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Mark Renoden [MSFT], Dec 13, 2004
    #4
  5. slawrie

    slawrie Guest

    Mark,

    Thanks for the suggestion, but I ran the group policy results wizard and
    under Group Policy Objects > Denied GPOs it reports Access Denied (Security
    Filtering). Now I need to figure where it is being filtered.

    Steve
     
    slawrie, Dec 13, 2004
    #5
  6. Hi Steve

    The GPO should have security set so that the computer account has read and
    apply as well as the user account having read and apply. The default
    permissions should just work. Have you changed them?

    Kind regards
    --
    Mark Renoden [MSFT]
    Windows Platform Support Team
    Email:

    Please note you'll need to strip ".online" from my email address to email
    me; I'll post a response back to the group.

    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Mark Renoden [MSFT], Dec 14, 2004
    #6
  7. slawrie

    slawrie Guest

    Mark,

    On the scope tab of the GPO under security settings I have my terminal
    server access group. Nothing is there for a computer account. I don't think I
    changed anything other than removing authenticated users group. I thought
    that would be OK. Maybe I'll add the auth. users back and see what happens.

    Steve
     
    slawrie, Dec 14, 2004
    #7
  8. Hi Steve

    That'll do it because Authenticated users includes computers and users.

    Kind regards
    --
    Mark Renoden [MSFT]
    Windows Platform Support Team
    Email:

    Please note you'll need to strip ".online" from my email address to email
    me; I'll post a response back to the group.

    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Mark Renoden [MSFT], Dec 14, 2004
    #8
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.