I have a native 2000/2003 AD and one 2003 terminal server. I've used the loopback policy before (other networks) to apply a different set of group policies to anyone that signs onto the terminal server - but only the terminal server. If the users sign onto their own PCs then their regular set of group policies apply.
So far, I've created an OU for the terminal server and placed it inside. Then I've made a GP inside the terminal server OU, and assigned the terminal server user group to "read" and "apply" - and the same with the actual terminal server computer.
The GP for the terminal server OU has the loopback policy defined as enabled with a "replace" attribute defined. As a test, I have further disabled the shut down command, and run command, and control panel - the normal lock down stuff.
When a terminal server user logs on to the terminal server, it appears that neither the GP that normally runs for the user if they were to sign onto their own PC runs, NOR does the GP for the terminal server run.
Any suggestions would be helpful.