TechieTony
IS-IT--Management
Hello all,
I'm having trouble with group policy for TS. I used this guide to help me.
Currently I have 2 TS servers in the GPO applying the group policy with full control. I also have some admin accounts denying the GPO. When I log into the TS with a normal user it applies to their User Account but I can see no Computer Settings in gpresult.
When I log in as an administrator I can see the computer settings as well as the User Settings. These are my current settings for the GPO:
------------------------------------------------------
Terminal Services Lockdown
Data collected on: 6/6/2008 8:35:14 AM
General
Details
Domain mccoysales.local
Owner Company1\Domain Admins
Created 6/3/2008 9:36:04 AM
Modified 6/6/2008 8:30:02 AM
User Revisions 1 (AD), 1 (sysvol)
Computer Revisions 26 (AD), 26 (sysvol)
Unique ID {D9873791-6759-4AC3-8D1E-71A6E5129E16}
GPO Status Enabled
Links
Location Enforced Link Status Path
Company1 Yes Enabled Company1.local
This list only includes links in the domain of the GPO.
Security Filtering
The settings in this GPO can only apply to the following groups, users, and computers:
Name
MCCOYSALES\Enterprise Admins
MCCOYSALES\MCSVR03$
MCCOYSALES\MCSVR04$
NT AUTHORITY\Authenticated Users
WMI Filtering
WMI Filter Name None
Description Not applicable
Delegation
These groups and users have the specified permission for this GPO
Name Allowed Permissions Inherited
MCCOYSALES\Admin2 Custom No
MCCOYSALES\Enterprise Admins Read (from Security Filtering) No
MCCOYSALES\Terminal03$ Edit settings, delete, modify security No
MCCOYSALES\Terminal04$ Edit settings, delete, modify security No
MCCOYSALES\Admin1 Custom No
NT AUTHORITY\Authenticated Users Custom No
NT AUTHORITY\SYSTEM Custom No
Computer Configuration (Enabled)
Administrative Templates
System/Group Policy
Policy Setting
User Group Policy loopback processing mode Enabled
Mode: Replace
System/User Profiles
Policy Setting
Add the Administrators security group to roaming user profiles Enabled
Delete cached copies of roaming profiles Enabled
Windows Components/Internet Explorer/Internet Control Panel/Advanced Page
Policy Setting
Automatically check for Internet Explorer updates Disabled
Empty Temporary Internet Files folder when browser is closed Enabled
Play animations in web pages Disabled
Play sounds in web pages Disabled
Play videos in web pages Disabled
Windows Components/Terminal Services
Policy Setting
Enforce Removal of Remote Desktop Wallpaper Enabled
Limit number of connections Enabled
TS Maximum Connections allowed 1
Type 999999 for unlimited connections.
Policy Setting
Remove Disconnect option from Shut Down dialog Enabled
Remove Windows Security item from Start menu Enabled
Restrict Terminal Services users to a single remote session Enabled
Set path for TS Roaming Profiles Enabled
Profile path \\mcsvr01\TSProfiles
Specify the path in the form, \\Computername\Sharename
Do not append the user name to the profile path. Disabled
Policy Setting
Set the Terminal Server licensing mode Enabled
Specify the licensing mode for the terminal server. Per User
Policy Setting
Sets rules for remote control of Terminal Services user sessions Enabled
Options: Full Control without user's permission
Windows Components/Terminal Services/Client/Server data redirection
Policy Setting
Allow audio redirection Disabled
Allow Time Zone Redirection Enabled
Do not allow COM port redirection Enabled
Do not allow LPT port redirection Enabled
Terminal Server Fallback Printer Driver Behavior Enabled
When Attempting to Find a Suitable Driver: Default to PCL if one is not found.
Windows Components/Terminal Services/Sessions
Policy Setting
Set time limit for disconnected sessions Enabled
End a disconnected session 30 minutes
Policy Setting
Terminate session when time limits are reached Enabled
User Configuration (Enabled)
Windows Settings
Folder Redirection
My Documents
Setting: Basic (Redirect everyone's folder to the same location)
Path: \\%HOMESHARE%%HOMEPATH%
Options
Grant user exclusive rights to My Documents Enabled
Move the contents of My Documents to the new location Enabled
Policy Removal Behavior Leave contents
Any ideas welcome.