terminal server config

  • Thread starter Thread starter chriske911
  • Start date Start date
C

chriske911

to the experienced people here:

what is the best way to apply a GPO for terminal servers so users get a
config wich is site specific

meaning that I want the users to be mapped to the site local server
shares instead of their own site shares

the setup in mind is to place the TS servers in the site OU instead of
all TS grouped together in a separate OU
the last is what is recommended by MS KB article

the prob is that the remote site DC's are also used for TS

so I have to move the DC's from the default domain controllers OU to
the site OU's

is there another way to organize such a setup?

thnx
 
If your servers have associated with the correct sites, then GPOs that you
have attached to the site containers will apply there. Just make sure you
remember the order of application of GPOs when troubleshooting.
 
Ryan Hanisco formulated the question :
If your servers have associated with the correct sites, then GPOs that you
have attached to the site containers will apply there. Just make sure you
remember the order of application of GPOs when troubleshooting.

--
Ryan Hanisco
MCSE, MCDBA
FlagShip Integration Services
Chicago, IL
Click to expand...

I really dislike applying GPO's on a site level
it makes the GPO troubleshooting a bit harder
or do they show up in AD users... somehow when you link them in AD
sites...?

or is there another way of applying GPO on a site level?
 
Nope, you have to link them in Sites and Services. This is the best way to
achieve what you are looking to do. Of course, if you have your
implementation sufficiently documented, then you've no problem.
Unfortunately, this rarely happens.
 
If you know what users work in what site then you could create new security
groups containing the relevant users and use filtering to apply Group
Policies to these new security groups. That would allow you to have
different logon scripts depending on what group (and therefore what site)
the user was in without actually applying the policy at site level.
ifmember.exe might also be useful in such a situation. I also suggest you do
not use DCs for TS if you can at all help it.
 
Back
Top