Questions

AD Policy doesn't apply correctly !

Tags:
+
0 Votes
Locked

AD Policy doesn't apply correctly !

sebastien.acteau
Hi All !

I'm currently facing a problem when trying to implement an auto-lockout policy trought our domain to lock each computer after a specified time(user configuration/policy). Here's the thing, I don't want this restriction to apply to our terminal server that is not a domain controller...user use the same account to log on the ts so when station locked they have to unlock both session and it's kinda anoying.

We're using Windows Server 2003 Standard Edition for both ts and dc. Does anyone know a way to work this out ?

I did try to put the ts(computer object)in a separate OU and then bind a policy to this OU with the "Block policy inheritance" but that doesn't seem to work... in fact, not a damn policy that I tried to apply at a computer level work. It's like if something we're preventing them to being applied. Any tougts bout this ?

Thank all and pardon my english !
  • +
    0 Votes
    Nonapeptide

    Is the policy you are trying to apply under the "User >> Admin Templates >> Control Panel >> Display" grouping?

    Those policies are user configuration policies and won't be able to apply to a computer unless you enable loopback processing on the GPO. Loopback processing makes user configuration settings apply to a computer no matter who logs on to it.

    Try enabling loopback processing: http://support.microsoft.com/kb/231287

    Post back and let us know how it goes! :)

    +
    0 Votes
    sebastien.acteau

    I took a look at the article you've supplied and after a couple of test figured out that it wasn't working at all. At least until I began to use the command "gpupdate" between my tests to refresh the policys on both dc and ts. Finally work this out, ant thank to you guys, everything is working fine now...

    Thank for the hand, I just leaved helpfull feedback !

    +
    0 Votes
    me19562

    If the policy you are trying to implement it's to lock the computer when the screen saver runs, that is a user policy just like Nonapeptide said and like Nonapeptide said too you'll need to enable loopback processing in the GPO that you link to the OU where the Terminal Server is.

    +
    0 Votes
    sebastien.acteau

    I took a look at the article you've supplied and after a couple of test figured out that it wasn't working at all. At least until I began to use the command "gpupdate" between my tests to refresh the policys on both dc and ts. Finally work this out, ant thank to you guys, everything is working fine now...

    Thank for the hand, I just leaved helpfull feedback !

    +
    0 Votes
    me19562

    If the policy you are trying to implement it's to lock the computer when the screen saver runs, that is a user policy just like Nonapeptide said and like Nonapeptide said too you'll need to enable loopback processing in the GPO that you link to the OU where the Terminal Server is.

  • +
    0 Votes
    Nonapeptide

    Is the policy you are trying to apply under the "User >> Admin Templates >> Control Panel >> Display" grouping?

    Those policies are user configuration policies and won't be able to apply to a computer unless you enable loopback processing on the GPO. Loopback processing makes user configuration settings apply to a computer no matter who logs on to it.

    Try enabling loopback processing: http://support.microsoft.com/kb/231287

    Post back and let us know how it goes! :)

    +
    0 Votes
    sebastien.acteau

    I took a look at the article you've supplied and after a couple of test figured out that it wasn't working at all. At least until I began to use the command "gpupdate" between my tests to refresh the policys on both dc and ts. Finally work this out, ant thank to you guys, everything is working fine now...

    Thank for the hand, I just leaved helpfull feedback !

    +
    0 Votes
    me19562

    If the policy you are trying to implement it's to lock the computer when the screen saver runs, that is a user policy just like Nonapeptide said and like Nonapeptide said too you'll need to enable loopback processing in the GPO that you link to the OU where the Terminal Server is.

    +
    0 Votes
    sebastien.acteau

    I took a look at the article you've supplied and after a couple of test figured out that it wasn't working at all. At least until I began to use the command "gpupdate" between my tests to refresh the policys on both dc and ts. Finally work this out, ant thank to you guys, everything is working fine now...

    Thank for the hand, I just leaved helpfull feedback !

    +
    0 Votes
    me19562

    If the policy you are trying to implement it's to lock the computer when the screen saver runs, that is a user policy just like Nonapeptide said and like Nonapeptide said too you'll need to enable loopback processing in the GPO that you link to the OU where the Terminal Server is.