One of the Cherubs at school cracked my GP on a TS

[rmason99]

Hi all.

I help out a local high school and recently found that our Windows 2003 Terminal Server is no longer processing all the lockdown policies for our Student OU. All security policies, including the Default Domain policy are listed a Filtering: Not Applied (Empty).

Now the wierd part is that we rolled out a new printer policy 5 days ago to the TS (Computer Policy) and that is working fine.

Also... the policies are being applied to all Windows PCs just fine.
My assumption is that either an admin left a terminal before loggin off or a particular student (whom I cannot name for legal reasons) watched enough YouTube to hack into the TS. I lean toward the latter....

My question to the masses is this: How did he get the TS to ignore the domain assigned security policies; and how can I get to work again?

Thanks,

[jeff_longley]

So the computer polices aren't applying or the user ones?
Loopback processing being used?

[rmason99]

User policies are not applying on the Termainal Server. But they are applying on other Win PCs correctly.
When a student loggs into a PC all 10 user policies are listed as applied correctly.
When a student logs onto the TS the user policies are not listed. (Either as applied or not applied)
Computer policies are applying to TS.
Loopback processing not being used.

[trekker]

It sounds like loopback replace mode processing has been turned on... possibly on the TS server's local policy. What about when anyone else logs in to the TS? Are user policies applying to the non-student accounts on the TS?