R
Robert A. Magrogan
How do I re-activate / migrate my old terminal-server
group policies from the NT4 domain to AD, without using
GPO Loop Back?
I am the MIS director at one division of a national
company. At my division, I implemented a TS farm for 250
users using five Win2k Terminal Servers, and a NT4 DC.
I created detailed group-policies on the TS-servers for
Default-users, Power-users, and administrators. For
example, Administrators received a RUN on the start menu,
but users did not. Life WAS get.
Then, our Corporate IT shop replaced my NT4 PDC with a
Win2k DC, which is one of about 60 DCs in a nation-wide
Active Directory. Now, all terminal server users appear
to be getting the original Default-Users policies.
My security level has been reduced to something less than
a Domain Admin. All I can do is reboot the DC and add new
users - not groups!
Corporate is against using terminal servers and they are
afraid of my TS-farm. But, I am allowed to keep them.
They don't know what "GPO Loop back policy" is and they
are not likely to implement it since it has to be done at
the AD root level.
Given this scenario, what is the best way to RE-implement
group-specific policies on my TS servers (which I am the
administrator of) while minimizing my dependence on
Corporate administrators?
group policies from the NT4 domain to AD, without using
GPO Loop Back?
I am the MIS director at one division of a national
company. At my division, I implemented a TS farm for 250
users using five Win2k Terminal Servers, and a NT4 DC.
I created detailed group-policies on the TS-servers for
Default-users, Power-users, and administrators. For
example, Administrators received a RUN on the start menu,
but users did not. Life WAS get.
Then, our Corporate IT shop replaced my NT4 PDC with a
Win2k DC, which is one of about 60 DCs in a nation-wide
Active Directory. Now, all terminal server users appear
to be getting the original Default-Users policies.
My security level has been reduced to something less than
a Domain Admin. All I can do is reboot the DC and add new
users - not groups!
Corporate is against using terminal servers and they are
afraid of my TS-farm. But, I am allowed to keep them.
They don't know what "GPO Loop back policy" is and they
are not likely to implement it since it has to be done at
the AD root level.
Given this scenario, what is the best way to RE-implement
group-specific policies on my TS servers (which I am the
administrator of) while minimizing my dependence on
Corporate administrators?