Thanks for the information, Omar.

I disabled the policy and forced an update on the server. I added group1 to the Remote Desktop Users group on the server. Still, when I attempt to login as one of the users in the group, I receive the message that "to login to the computer, you must be granted the Allow to log on through Terminal Services right."

Something is not right here. I have group1 set up exactly as Domain Admins. Full control on the computer object in AD, group1 added to the Remote users on the remote tab in server properties.

Any ideas???

________________________________

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Omar Droubi
Sent: Monday, July 30, 2007 12:42 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Group Policy/AD delegation issueq

Did you check on the machine the policy applied to that the remote desktop checkbox was indeed checked and grayed out, to verify that the policy was indeed applied?

Next I would verify that the firewall on the machine in question is either disabled or allows the remote desktop protocol - even many new antivirus products have firewalls built in and can restrict this function.

So I would 1st verify that it works without the GPO, then uncheck the checkbox, apply the GPO and try again.

Omar

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Francis Revere
Sent: Monday, July 30, 2007 8:16 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Group Policy/AD delegation issueq

What I am attempting to do:

Create an AD group that has Full control of a specific server in an OU and can remote into this server only within the OU (for software installation).

What I have done and tried:

I have a group in AD called group1 with 2 members. This group has been added to the security tab of a server, called server1, with Full control. I created a GPO called test and defined the "Allow Login through Terminal Services" and to group1.

Within the scope, I applied the policy to the OU with server1 in it, and added server1 to the security filter. This did not work for some reason. I even went as far as logging into server1 and adding group1 to the remote users group, to no avail.

What am I missing???? I know that it is probably something really simple.
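
One way to see which accounts actually hold the logon right discussed in this thread, as an added example that is not part of the original messages: a PowerShell script, run elevated on the server, that exports the effective user rights with secedit and reports the holders of "Allow log on through Terminal Services" (SeRemoteInteractiveLogonRight) and of its deny counterpart. EXAMPLE\group1 is a placeholder for the delegated group.

```powershell
# Added example. Run elevated on the server; 'EXAMPLE\group1' is a placeholder.
param([string]$Group = 'EXAMPLE\group1')

# Export only the user-rights area of the effective local security policy.
# A GPO that defines a user right replaces the machine's list rather than
# adding to it, so this export shows what is actually enforced.
$inf = Join-Path $env:TEMP 'user-rights.inf'
secedit /export /cfg $inf /areas USER_RIGHTS | Out-Null

function ConvertTo-Sid([string]$Entry) {
    # secedit writes resolved principals as *S-1-... and others as plain names.
    $e = $Entry.Trim()
    if ($e.StartsWith('*')) { return $e.Substring(1) }
    try {
        $acct = New-Object System.Security.Principal.NTAccount($e)
        return $acct.Translate([System.Security.Principal.SecurityIdentifier]).Value
    } catch { return $e }   # leave unresolvable names as they are
}

function Get-RightHolder([string]$Right) {
    # Returns the SIDs listed for one user right, or nothing if it is undefined.
    $line = Get-Content $inf | Where-Object { $_ -match "^$Right\s*=" } |
        Select-Object -First 1
    if (-not $line) { return @() }
    $value = ($line -split '=', 2)[1]
    if ([string]::IsNullOrWhiteSpace($value)) { return @() }
    @($value.Split(',') | ForEach-Object { ConvertTo-Sid $_ })
}

$groupSid = ConvertTo-Sid $Group
$allow = Get-RightHolder 'SeRemoteInteractiveLogonRight'
$deny  = Get-RightHolder 'SeDenyRemoteInteractiveLogonRight'

[pscustomobject]@{
    Group                     = $Group
    AllowList                 = $allow -join ', '
    DenyList                  = $deny -join ', '
    GroupDirectlyAllowed      = $allow -contains $groupSid
    GroupDirectlyDenied       = $deny -contains $groupSid   # deny wins over allow
    # S-1-5-32-555 is the well-known SID of BUILTIN\Remote Desktop Users.
    RemoteDesktopUsersAllowed = $allow -contains 'S-1-5-32-555'
} | Format-List

Remove-Item $inf -ErrorAction SilentlyContinue
```

If the allow list contains neither the group nor Remote Desktop Users, membership in Remote Desktop Users alone does not grant the right.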