[gptalk] Merge GPOs assigning "Allow log on through TS"?
- From: "Andrew McHale" <Andrew.McHale@xxxxxxxxxxxxxx>
- To: <gptalk@xxxxxxxxxxxxx>
- Date: Mon, 1 Dec 2008 16:22:02 -0000

Hi all,

Our Default Domain Policy adds Domain Admins to the "Allow log on
through terminal services" on all machines in our domain.

I created a new GPO to allow a specific single user account to log on to
a specific virtualised XP box and applied at a sub-OU level containing
the XP box object.

Having been working remotely (using MSTSC) on the virtual XP box all day
today absolutely fine, after I applied the policy it wouldn't let me on
giving me the standard error "the local policy of this system does not
permit you to logon interactively".

I assume this is because the newer GPO is overriding the domain GPO due
to it being more specifically applied?

Going forward, I don't want to have to add all the users who are allowed
to RDP into machines to every policy that specifies this permission just
because in some instances I want to specify a particular user for a
particular machine. Is it possible to merge policy settings? Is this
where loopback processing would be applied?

Thanks
Andrew
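
Added example, not part of the original post: a small Python model of the situation described above, useful for auditing which principals a higher-precedence GPO silently removes from a user right. It assumes each GPO stores the right as `SeRemoteInteractiveLogonRight` in the `[Privilege Rights]` section of its GptTmpl.inf and that the highest-precedence GPO defining a right supplies the whole list rather than merging; the SIDs, GPO names and function names are constructed for illustration.

```python
import configparser

RIGHT = "SeRemoteInteractiveLogonRight"  # "Allow log on through Terminal Services"

# Constructed GptTmpl.inf fragments; SIDs are made up (RID 512 = Domain Admins).
DOMAIN_GPO = """[Privilege Rights]
SeRemoteInteractiveLogonRight = *S-1-5-21-1111-2222-3333-512
"""
SUB_OU_GPO = """[Privilege Rights]
SeRemoteInteractiveLogonRight = *S-1-5-21-1111-2222-3333-1105
"""

def privilege_rights(inf_text):
    """Return {right: set(principals)} from a [Privilege Rights] section."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep the original case of right names
    cp.read_string(inf_text)
    if not cp.has_section("Privilege Rights"):
        return {}
    return {right: {p.strip().lstrip("*") for p in value.split(",") if p.strip()}
            for right, value in cp["Privilege Rights"].items()}

def resolve(gpos):
    """gpos: list of (name, inf_text), lowest precedence first.

    Returns {right: (winning_gpo, principals, dropped)} where dropped maps
    each principal that lost the right to the GPO that had granted it.
    """
    effective = {}
    for name, text in gpos:
        for right, principals in privilege_rights(text).items():
            dropped = {}
            if right in effective:
                prev_name, prev_principals, prev_dropped = effective[right]
                dropped = dict(prev_dropped)
                for p in prev_principals - principals:
                    dropped[p] = prev_name
                # A principal granted again by this GPO is no longer dropped.
                dropped = {p: g for p, g in dropped.items() if p not in principals}
            # The whole list is replaced, never unioned with earlier GPOs.
            effective[right] = (name, principals, dropped)
    return effective

if __name__ == "__main__":
    order = [("Default Domain Policy", DOMAIN_GPO), ("XP box GPO", SUB_OU_GPO)]
    for right, (winner, principals, dropped) in resolve(order).items():
        print(f"{right}: set by {winner!r} -> {sorted(principals)}")
        for sid, gpo in sorted(dropped.items()):
            print(f"  dropped {sid} (was granted by {gpo!r})")
```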