J
John Faris
Hi all.
I have a group policy set-up to restrict terminal services users on one of
our servers. In order to get it to apply only to users when they use this
PC I had to link the policy to a special OU that I made to hold the terminal
server in Active Directory. I then turned on loopback processing but I
found that I also had to add the Computer$ account to the list of accounts
able to apply the policy for it to work (read this on MS site as I have
removed Authenticated Users from the access list). This is fine, but I
specifically added domain admins to the list with Deny set for Apply Policy
to prevent the restictions applying to the administrtor group. Today I
tried to install some software and found that the Windows Installer was
disabled and Group Policy Management revealed that this was because the
policy I had set-up was being applied to the Adminstartor account. So my
question is how do I stop this policy from affecting Adminstrators?
TIA.
John.
I have a group policy set-up to restrict terminal services users on one of
our servers. In order to get it to apply only to users when they use this
PC I had to link the policy to a special OU that I made to hold the terminal
server in Active Directory. I then turned on loopback processing but I
found that I also had to add the Computer$ account to the list of accounts
able to apply the policy for it to work (read this on MS site as I have
removed Authenticated Users from the access list). This is fine, but I
specifically added domain admins to the list with Deny set for Apply Policy
to prevent the restictions applying to the administrtor group. Today I
tried to install some software and found that the Windows Installer was
disabled and Group Policy Management revealed that this was because the
policy I had set-up was being applied to the Adminstartor account. So my
question is how do I stop this policy from affecting Adminstrators?
TIA.
John.