+ Reply to Thread
Results 1 to 3 of 3

Thread: Group Policy Loopback processing for Terminal server

  1. 08-12-2010, 01:09 PM #1
    joe1212
    joe1212 is offline Getting Started on GPanswers.com
    Join Date
    Aug 2010
    Posts
    2

    Default Group Policy Loopback processing for Terminal server

    Hi,
    I'm wondering if someone can help me out, I've got a question regarding Group Policy loopback processing in Windows 2008 R2. Basically I've got a 2008R2 Terminal Server, I'm applying lock down policies to this via loopback processing in the standard way; Terminal server OU with a linked policy using loopback processing.
    However i have a second group of users who will use a non standard application on the Terminal Server, so i would like to create an another policy that will only apply to them. I thought i could do this via Security filtering, by simply removing authenticated users from the second policy and adding a security group containing the user accounts for the application but this policy doesnt get applied. Am assuming this is due to the loopback processing ? is there anyway to filter by user group and still use loopback processing?

    thanks
    Reply With Quote Reply With Quote
  2. 02-19-2011, 06:15 AM #2
    clausjj
    clausjj is offline Getting Started on GPanswers.com
    Join Date
    Feb 2011
    Posts
    3

    Default

    In short.

    The security filtering on the user group will not work, because the users are not the ones have the GPO applied. It is the server. And yes, that is due to the loopback processing.

    And by the way it is no longer called Terminal Services in R2 but Remote Desktop Services.

    Off the top of my head, I cannot give you a solution, but will think it through and try to come up with a solution.

    Regards
    Claus Jacob Wordenskjold, MCT
    Chinchilla Data | Vi kæler for din viden (in danish)
    Reply With Quote Reply With Quote
  3. 02-22-2011, 10:36 AM #3
    raffim
    raffim is offline Getting Started on GPanswers.com
    Join Date
    Dec 1969
    Posts
    6

    Default Group Policy Loopback processing for Terminal Server (Remote Desktop)

    All you have to do is add the server(s) names also in the Security Filter section of the gpo. For Loopback processing to work you need both users and computers in the filter. Typically the Security Filter is set to "Authenticated Users" which covers both users and computers.

    You most likely have removed the Authenticated Users, created a group with the users, and added that group to the filter. Now you are missing the computer object(s). You can do the same with the computer object(s). Add them individually or create another AD group and add the computers (Terminal Server/Remode Desktop) devices to it and add the group to the Security Filter.

    Hope this helps.

    Raffi
    Reply With Quote Reply With Quote
+ Reply to Thread
« Previous Thread | Next Thread »

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts

Forum Rules


Search Engine Friendly URLs by vBSEO