sounds like two separate issues- but may be related. by default the remote desktop users group is allowed logon through terminal services (w2k3) on w2k you should only need to add the necessary group to "Allow log on through terminal services- but you may also need to add allow logon locally Are your users members of the Remote Desktop Users group on the local terminal server? What are the security filtering settings on the GPO in question. If you are using GPMC- which you should be- on the general page of the GPO properties you it will list which groups the policy applies to. (if the page is not named general- then it is the left most page in the task pane of the GPMC) As for your restricted groups- which groups are you managing with this policy and is the policy applied to the OU that contains the terminal servers? Omar ________________________________ From: gptalk-bounce@xxxxxxxxxxxxx on behalf of Justin Salandra Sent: Tue 10/16/2007 8:10 AM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Terminal Server Group Policy I have a terminal server setup with a group policy being applied, however even though all permissions are correct and the user account and computer account both have access to read and apply the policy, you are unable to login as the user and the computer itself reports that Security Filtering is denying the policy. We are using restricted groups in the group policy and a new group created within AD was added as a member of that group so the end user has the rights to login, but because the policy is not applying, it is not working. There are no errors in the System or Application log, all seems to be working, any ideas? Justin A. Salandra Director of Technology Citadel Perimeter 62 William Street New York, NY 10005 Office 212.931.8830 x209 Cell 917.455.0110 jsalandra@xxxxxxxxxxxxx