[gptalk] Re: Loopback Terminal Services policy

  • From: "Nelson, Jamie" <Jamie.Nelson@xxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Thu, 2 Oct 2008 10:47:50 -0500

You shouldn't need to grant explicit read/apply rights to the server
objects if you're already filtering for "Authenticated Users". What
policies do you have linked for the user(s) you're logging onto the
Terminal servers with? Since you've set loopback to "merge", some of
those policies may be applying. Did you try running an RSoP (GPResults
Wizard)?

 

Regards,

 

Jamie Nelson | Operations Consultant | BI&T Infrastructure-Intel | Devon
Energy Corporation | Work: 405.552.8054 | Mobile: 405.200.8088 |
http://www.dvn.com <http://www.dvn.com/> 

 

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Alex Curtis
Sent: Thursday, October 02, 2008 9:55 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Loopback Terminal Services policy

 

The other existing gpo's against that same OU set the time server, set
the ie home page, and define windows updates.  I have setup a group
containing users that have been granted access to the TS servers, set to
read and apply the policy.  In addition the servers have been added to
read and apply the policy.

Regards,

Alex.

Nelson, Jamie wrote: 

What is your security filtering set to right now? It should be
"Authenticated Users" by default, which is fine for both users and
computers.

 

Since you have your loopback merging policies you might have some other
policy overriding what you expect a setting to be. I suggest you run the
GP Results Wizard (from the GPMC console) and make sure this isn't the
case.

 

Jamie Nelson | Operations Consultant | BI&T Infrastructure-Intel | Devon
Energy Corporation | Work: 405.552.8054 | Mobile: 405.200.8088 |
http://www.dvn.com <http://www.dvn.com/> 

 

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Alex Curtis
Sent: Thursday, October 02, 2008 9:20 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Loopback Terminal Services policy

 

Loopback is set to merge, I believe I need to add the servers to the
security tab of the gpo, is this correct? or are there any additional
settings to know about?

Regards,

Alex.

Nelson, Jamie wrote: 

Is loopback set to merge or replace?

 

Jamie Nelson | Operations Consultant | BI&T Infrastructure-Intel | Devon
Energy Corporation | Work: 405.552.8054 | Mobile: 405.200.8088 |
http://www.dvn.com <http://www.dvn.com/> 

 

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Alex Curtis
Sent: Thursday, October 02, 2008 9:04 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Loopback Terminal Services policy

 

Hello all,

I have my user in an OU just off of the root domain name in AD users and
computers,  I have another OU at the same level containing all the
terminal servers that I want the users to have the restricted policy on.

I have created the policy and linked it to the OU containing the
Terminal Servers, as per an article I found on the web and the policy is
not coming into effect.

What have I done wrong?  What do I need to change?

Regards,

Alex.

*********************** You can unsubscribe from gptalk by sending email
to gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field
OR by logging into the freelists.org Web interface. Archives for the
list are available at http://www.freelists.org/archives/gptalk/
************************ 

________________________________

Confidentiality Warning: This message and any attachments are intended
only for the use of the intended recipient(s), are confidential, and may
be privileged. If you are not the intended recipient, you are hereby
notified that any review, retransmission, conversion to hard copy,
copying, circulation or other use of all or any portion of this message
and any attachments is strictly prohibited. If you are not the intended
recipient, please notify the sender immediately by return e-mail, and
delete this message and any attachments from your system. 

*********************** You can unsubscribe from gptalk by sending email
to gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field
OR by logging into the freelists.org Web interface. Archives for the
list are available at http://www.freelists.org/archives/gptalk/
************************ 

*********************** You can unsubscribe from gptalk by sending email
to gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field
OR by logging into the freelists.org Web interface. Archives for the
list are available at http://www.freelists.org/archives/gptalk/
************************ 

Other related posts: