[THIN] Re: OT: Sorta: Group Policy not working

  • From: "Greg Reese" <GReese@xxxxxxxxxxxxxxxx>
  • To: <thin@xxxxxxxxxxxxx>
  • Date: Mon, 24 Mar 2003 14:30:30 -0500

I had trouble with GPO once and this is the response I got from Lonnie =
T.

Did the trick for me.

Greg


1. Create an OU for the Terminal Servers and move the TS machines into =
this
OU=20
2. Create a group policy for the Terminal Server OU with the following
settings a) No Override b) Block inheritance c) Administrators =
specifically
denied apply access to policy Within this policy enable the Group Policy
Objects loopback processing. NOTE: Just doing this as MS Article Q260370
suggested did not work for me. Good luck if it worked for you. Anyway =
the
next couple of steps is how I got it to work.=20
3. Use gpedit.msc on the local Terminal Server to open the local machine
policy. Within the local policy set the Group Policy Loopback processing =
to
enabled.=20
4. Test the local loopback by changing a setting in the local machine =
policy
using gpedit.msc. Try and deny access to something like the display =
control
panel and then test it by attempting to access the display properties.=20
5. Once you know the local policy has worked then open gpedit again on =
the
local machine and set the Group Policy Loopback to Not Configured.=20
6. The Group Policy Object defined in the Acitive directory will now =
work
for the Machines in the OU created for Terminal Servers. You can create
different policies for different groups based on permissions you give =
users
for the group policy object. eg you explicitly deny apply permissions to
users such as administrator who you do not want to have the policy =
applied
to.=20



-----Original Message-----
From: Gabe Knuth [mailto:gabek@xxxxxxxxxxxxxxxxx]
Sent: Monday, March 24, 2003 2:22 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] OT: Sorta: Group Policy not working


Hi all,
=20
I'm trying to use the flex profiles, which appear to be pretty cool.
=20
The problem that I am having is that my logon script doesn't run.  I've
used a GPO on a test OU with a test user to set the logon and logoff
scripts, but they never run.  II know the scripts are valid because I
can run them after logon.
=20
I've tried running secdit /refreshpolicy user_policy /enforce, but that
doesn't appear to help.
=20
Anyone have any thoughts?  I'm drawing a blank.  =20
=20
Thanks,
Gabe

********************************************************
This Week's Sponsor - Emergent Online
EOL's Universal Printer new Features include:
Network Printing, Pagestreaming, 2400 DPI.
No Client Software Required!
http://www.go-eol.com/
**********************************************************

For Archives, to Unsubscribe, Subscribe or=20
set Digest or Vacation mode use the below link:
http://thethin.net/citrixlist.cfm
********************************************************
This Week's Sponsor - Emergent Online
EOL's Universal Printer new Features include:
Network Printing, Pagestreaming, 2400 DPI.
No Client Software Required!
http://www.go-eol.com/
**********************************************************

For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link:
http://thethin.net/citrixlist.cfm

Other related posts: