[gptalk] Merge GPO's assigning "Allow log on through TS"?
- From: "Andrew McHale" <Andrew.McHale@xxxxxxxxxxxxxx>
- To: <gptalk@xxxxxxxxxxxxx>
- Date: Mon, 1 Dec 2008 16:22:02 -0000
Hi all,
Our Default Domain Policy adds Domain Admins to the "Allow log on
through terminal services" on all machines in our domain.
I created a new GPO to allow a specific single user account to log on to
a specific virtualised XP box and applied at a sub-OU level containing
the XP box object.
Having been working remotely (using MSTSC) on the virtual XP box all day
today absolutely fine, after I applied the policy it wouldn't let me on
giving me the standard error "the local policy of this system does not
permit you to logon interactively".
I assume this is because the newer GPO is overriding the domain GPO due
to it being more specifically applied?
Going forward, I don't want to have to add all the users who are allowed
to RDP into machines to every policy that specifies this permission just
because in some instances I want to specify a particular user for a
particular machine. Is it possible to merge policy settings? Is this
where loopback processing would be applied?
Thanks
Andrew
Other related posts:
