Hi,

I’m trying to wrap my head around a GPO issue I’m having. This is a 2012 R2 domain.

I have an OU for our RDS servers. In it I have a linked GPO set to enforced (only enforced GPO in our domain). This GPO has both computer and user settings.

If I run a Group Policy Modeling wizard for a domain user + RDS server, I can see the GPO under computer as an applied GPO. However, under User Details I don’t see that GPO under the applied GPOs. The enforced GPO does have settings that should be overriding other GPO values.

Do I need to split the user settings into another GPO and enforce that?

2 Spice ups

User GPO settings have to be applied to the OU where the USER account is located.

1 Spice up

This is not necessarily true. If you turn on Loopback Processing, you can apply User level items through the Machine OU’s.

I would ensure you have Loopback Processing turned on in the GPO.

Also, if you do a gpresult, you can find the objects that were not applied and the reason why. However, if it is a permissions issue, you will have to look up the SID of the GPO in order to match it with the result.

2 Spice ups
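
Added example (not from any poster in this thread): a PowerShell check for the two suggestions in the reply above, whether a GPO linked to the computer OU has loopback processing configured, and a gpresult report for the user scope. The OU distinguished name and report path are placeholders, and it assumes the GroupPolicy module (RSAT / Group Policy Management) is installed.

```powershell
# Run from an admin workstation or DC with the GroupPolicy module available.
Import-Module GroupPolicy

# Placeholder (assumption): distinguished name of the OU holding the RDS servers.
$ouDn = 'OU=RDS Servers,DC=example,DC=com'

# Loopback processing is stored as this registry-based policy value:
#   1 = Merge, 2 = Replace; value absent = loopback not configured in that GPO.
$key   = 'HKLM\Software\Policies\Microsoft\Windows\System'
$modes = @{ 1 = 'Merge'; 2 = 'Replace' }

# Inspect every GPO linked directly to the OU (inherited links are not listed here).
foreach ($link in (Get-GPInheritance -Target $ouDn).GpoLinks) {
    $setting = try {
        Get-GPRegistryValue -Guid $link.GpoId -Key $key `
            -ValueName 'UserPolicyMode' -ErrorAction Stop
    } catch {
        $null   # the GPO does not define the loopback value
    }

    $mode = if ($setting) { $modes[[int]$setting.Value] } else { 'Not configured' }

    [pscustomobject]@{
        GPO         = $link.DisplayName
        LinkEnabled = $link.Enabled
        Enforced    = $link.Enforced
        Loopback    = $mode
    }
}

# On the RDS server itself, in the affected user's session:
# write an HTML report of user-scope results, which lists applied and
# denied GPOs together with the reason each one was denied.
gpresult /scope user /h "$env:TEMP\gpresult-user.html" /f
```

If every linked GPO reports `Not configured`, user settings in those GPOs will only apply to users whose accounts sit under an OU where the GPO is also linked.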

Yes, you are correct, but I would not turn loopback on unless you need to. If you have a GPO that should apply to all users and all computers and are just testing it (before rolling it out), you should apply it properly.

1 Spice up

I have users that log onto several systems. As the settings have to be different (and would sometimes be in conflict) it sounds like loopback is needed in my case.

I set it to apply to that OU and I’m getting the results I wanted. Thx jonahzona!

RDP servers are exactly what loopback policies are for. Glad you got it figured out.

1 Spice up