Group Policy assignments and terminal server

Status
Not open for further replies.

withanh

IS-IT--Management
Dec 17, 2008
221
US
I have an OU of users that have historically only connected to my network/domain via terminal services. I have a GPO assigned to that OU to restrict what those users can see (i.e. drives, printers, etc.) on the terminal server. This all works properly and as desired.

The issue is we are now deploying laptops to these users and they will be connecting in via VPN. Unfortunately, this aforementioned GPO is being applied to these users. I understand this is how we currently have it configured.

What I'd like to know is if there's a way to keep this user based GPO from deploying to these laptops. I do need to keep the GPO active in case the users still connect in via T/S.

Basically something like this:

If <user> & <terminal server> then
GPO applied
ElseIf <user> & not<terminal server> then
GPO not applied
EndIf

Thanks!
 
Two ways to handle this, probably more. One, you could put the TS in its own OU and apply the GPO to that OU so it's applied to the server and not the users. Second way, Google loopback processing.



RoadKi11

"This apparent fear reaction is typical, rather than try to solve technical problems technically, policy solutions are often chosen." - Fred Cohen
 
Might have to look at loopback processing.

We originally had the GPO applied to the terminal server, but we have other users that connect to the TS that need to not be limited (like me when I connect to the TS from home).

Thanks.
 
I've gotten around that by making an AD group (call it whatever you want) and adding the users you don't want the GPO to apply to, like admins or yourself. Then add the group to the GPO permissions and set it to deny read.


RoadKi11

"This apparent fear reaction is typical, rather than try to solve technical problems technically, policy solutions are often chosen." - Fred Cohen
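An added example (not part of the thread or any poster's own code) combining the two suggestions above: link the user-restriction GPO to the terminal server's OU with loopback processing, and limit who it applies to by security group. It uses allow-style filtering (Apply only for a restricted group) rather than the deny-read ACE described above; every GPO, OU and group name is a hypothetical placeholder.

```powershell
# Added example: all names below are assumed placeholders, not taken from the thread.
Import-Module GroupPolicy

$GpoName     = 'TS-User-Lockdown'                       # existing user-restriction GPO
$ServerOU    = 'OU=Terminal Servers,DC=example,DC=com'  # OU holding only the TS computer accounts
$UserOU      = 'OU=TS Users,DC=example,DC=com'          # OU the GPO is linked to today
$Restricted  = 'TS-Restricted-Users'                    # group of users to lock down on the TS
$ServerGroup = 'TS-Servers'                             # group containing the TS computer accounts

# 1. Turn on user-policy loopback in the computer half of the GPO.
#    UserPolicyMode: 1 = Merge (user's normal GPOs, then this one), 2 = Replace.
Set-GPRegistryValue -Name $GpoName `
    -Key 'HKLM\Software\Policies\Microsoft\Windows\System' `
    -ValueName 'UserPolicyMode' -Type DWord -Value 1 | Out-Null

# 2. Link the GPO to the terminal server OU, so its user settings follow
#    the machine being logged on to instead of the user's OU.
New-GPLink -Name $GpoName -Target $ServerOU -LinkEnabled Yes | Out-Null

# 3. Remove the link from the users' OU; without this the GPO still
#    applies when those users log on to their laptops.
Remove-GPLink -Name $GpoName -Target $UserOU | Out-Null

# 4. Security filtering: everyone can read the GPO, only the restricted
#    users and the TS computers apply it. -Replace is needed to lower
#    Authenticated Users from Apply to Read.
Set-GPPermission -Name $GpoName -TargetName 'Authenticated Users' `
    -TargetType Group -PermissionLevel GpoRead -Replace | Out-Null
Set-GPPermission -Name $GpoName -TargetName $Restricted `
    -TargetType Group -PermissionLevel GpoApply | Out-Null
Set-GPPermission -Name $GpoName -TargetName $ServerGroup `
    -TargetType Group -PermissionLevel GpoApply | Out-Null

# 5. Review the result before testing a logon.
Get-GPPermission -Name $GpoName -All |
    Select-Object @{n='Trustee';e={$_.Trustee.Name}}, Permission
(Get-GPInheritance -Target $ServerOU).GpoLinks |
    Select-Object DisplayName, Enabled, Order
```

After the next policy refresh, `gpresult /r /scope user` run as a restricted user on the terminal server and again on a laptop shows whether the GPO is listed under applied or filtered-out objects in each place.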
 