Loopback group policies --- exclude administrators

  • Thread starter Thread starter barabba
  • Start date Start date
B

barabba

Hi all,

I'm in the process of implementing terminal services in the domain I
administer.
Currently users use fat clients.

In order to allow a soft upgrade to ts, I want users to be able to
access both thin clients and terminal services. The problem was that
fat users and thin users are in different ous, each one with their own
policy settings.

To make a long story short, I enabled loopback processing mode in the
group policy the governs the computer settings of the terminal
services. I then filled the user part of this policy with the settings
for the fat clients.

Now the only problem is that both regular and domain admins are
configured which is not what I like.
Domain admins, by nature, have the following security on the newly
created policy:
- full control: none
- read: allow
- write: allow
- create all child objects: allow
- delete all child objects: allow
- apply group policy: none

so you can see that the policy is not read by domain admins. However I
googled a while and read a couple of posts recommending to tweak these
security settings. I tried to follow these tips but could not get to
anywhere.
Could somebody be so kind to tell me if what I'm trying to accomplish
is at all possible ??

Thank you so much !
Bar
 
Back
Top