Did you check on the machine the policy applied to that the remote desktop checkbox was indeed checked and grayed out to verify that the policy was indeed applied? Next I would verify that the either the firewall on the machine in questions is either disabled or allows the remote desktop protocol- even many new Antivirus products have firewalls built in and can restrict this function. So I would 1st verify that it works without the GPO then uncheck the checkbox- apply the GPO and try again. Omar From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Francis Revere Sent: Monday, July 30, 2007 8:16 AM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Group Policy/AD delegation issueq What I am attempting to do: Create an AD group that has Full control of a specific server in an OU and can remote into this server only within the OU (for software installation). What I have done and tried: I have a group in AD called group1 with 2 members. This group has been added to the security tab of a server, called server1 with Full control. I created a GPO called test and defined the "Allow Login through Terminal Services" and to group1. Within the scope, I applied the policy to the OU with server1 in it, and added the server1 to the security filter. This did not work for some reason. I even went as far as logging into server1 and adding group1 to the remote users group to no avail. What am I missing???? I know that it is probably something really simple.