Group Policy with External Trust Users

[keith]

I have an AD domain with a one-way external trust with
another domain. I have a WTS box that users from both
domains access. When I was running NT4, I used a .pol
file and was able to restrict access on the server for
users in both domains. When I upgraded to AD, I created a
seperate OU for the WTS box and configured a Group Policy
to lock the server down. I greated a Domain Local Group
with the users from both domains and added it to the OU.
I ran the secedit utility on the DC. Now only users in my
domain are getting the restricted desktop from the GPO.
The users in the other domain are not affected. Is this
typical behavior for AD? How can I make this work like it
was in NT4?

 

[Matjaz Ladava [MVP]]

GPO's are applied only to the users and computer objects that reside in a OU
on which GPO is defined (+inherited GPO's). In w2k you can still use old
..pol mode if you like. I don't see the way how would clients from trusted
domain get your other domain's GPO's applied. What OS type is on that
clients ?

--
Regards

Matjaz Ladava, MCSE (NT4 & 2000), Windows MVP
(e-mail address removed)
http://ladava.com

 

[keith]

As long as the user has a cached profile on the WTS,
the .pol works. It doesn't apply to any new user. The
clients are W2K Pro. I have a group with the users from
both domains in the OU where the GPO is applied.