Terminal Server Loopback policy not working

[insl]

I have a native 2000/2003 AD and one 2003 terminal server. I've used the loopback policy before (other networks) to apply a different set of group policies to anyone that signs onto the terminal server - but only the terminal server. If the users sign onto their own PC's then their regular set of group policies apply.

So far, I've created an ou for the terminal server and placed it inside. Then I've made a GP inside terminal server OU, and assigned the terminal server user group to "read" and "apply" - and the same with the actual terminal server computer.

The GP for the terminal server OU has the loop back policy defined as enabled with a "replace" attribute defined. As a test, I have further diabled the shut down command, and run command, and control panel - the normal lock down stuff.

When a terminal server user logs on to the terminal server, it appears that neither the GP that normally runs for the user if they were to sing onto their own PC runs, NOR does the GP for the terminal server run.

Any suggestions would be helpfull.

 

[tfg13]

Have you run RSOP as the administrator on the local machine (the TS Machine), then run it as the administrator when you connect via RDP (on the local machine) and the same for a domain account? This should tell you what settings are being applied, and by who, hence, answering the below question.

I see a potential problem. Where are you applying the GP loopback setting? Is it at the OU level, or at the local level?

 

[insl]

Wow - until now I was happily ignorant of RSOP, but will do that.

As for the GP location, it is on the OU level, where the actual Terminal Server computer is in located - nothing else is in this OU.

Thanks TFG13