Configuring profiles

  • Thread starter Thread starter jude
  • Start date Start date
J

jude

Hello, I am in the process of installing a new Win2K3 network, with one
server for active directory, and one server for applications. One
application will be run under terminal services. I am thinking that a
good setup would be to create a terminal services OU for the 7 users.
Then I can apply policies to the OU. The clients would log onto the
domain, and then invoke a term. services session; thereby preventing
any conflict with their domain profile and a term. services profile.
Does anyone have any feedback for me on this scenario? Thanks, Jude
 
Yes, you need a separate OU.
Be sure to put the TS server object in the OU, *not* the user
accounts. And use loopback processing of the GPO.

More details here:
http://ts.veranoest.net/
Choose "Group Policies" in the menu
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
 
On 30 May 2006 13:38:50 -0700, "(e-mail address removed)"

-Hello, I am in the process of installing a new Win2K3 network, with one
-server for active directory, and one server for applications. One
-application will be run under terminal services. I am thinking that a
-good setup would be to create a terminal services OU for the 7 users.
-Then I can apply policies to the OU. The clients would log onto the
-domain, and then invoke a term. services session; thereby preventing
-any conflict with their domain profile and a term. services profile.
-Does anyone have any feedback for me on this scenario? Thanks, Jude


We do something similar. Points to note:

Use different user names for the users "windows" id, and their terminal services
one, so the windows ones don't get effected by the policies on the OU

If you put a policy on the OU, and then put the users in it, only the User
configuration is acted upon, the Computer Config is ignored.

This may help
http://www.microsoft.com/windowsserver2003/techinfo/overview/lockdown.mspx

regards
-Rob
-Rob
robatwork at mail dot com
 
You can avoid creating multiple user accounts, when you use
loopback processing of the GPO, and link the GPO to the OU which
contains the Terminal Server machine accounts, *not* the user
accounts.
Loopback processing is especially created for this situation.

260370 - How to Apply Group Policy Objects to Terminal Services
Servers
http://support.microsoft.com/?kbid=260370

231287 - Loopback Processing of Group Policy
http://support.microsoft.com/?kbid=231287
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
 
Back
Top