Windows Server 2008 R2 Thread, Cross Domain Group Policy - Remote Desktop Session Host in Technical; Hope someone can help.
I am having massive trouble with Group Policy over our system. What we have is two ...
23rd October 2012, 11:55 AM #1
Cross Domain Group Policy - Remote Desktop Session Host
Hope someone can help.
I am having massive trouble with Group Policy over our system. What we have is two domains one (domain a) with the users on with 4 DC's all with replication working and all the "fat" clients and a second (domain b) with all the Remote Desktop Session Host on with there own DC.
We have a cross domain trust from Domain A to Domain B - Which is Transitive, Two way and Forest wide Authenticated. This works as you can get to files from one to the other and log on from one to the other etc which is prefect.
However here comes the issues. The GPO's are not being loaded properly, so the user GPO's from Domain A - and the Computer GPO's from Domain B which should be applied to the Remote Desktop Session Host's when the user log on and just not coming in meaning the students can see all the server settings and change what they like.
We are desperate to resolve this issue but I cannot see why the GPO's are not coming across and do not know where to start really. I have run rsop.msc and the result shows that the GPO on domain B call "Terminal Servers" is being applied but the rules dont work so what the heck is going on I have no ideas.
Any ideas would be much appreciated.
23rd October 2012, 01:05 PM #2
To accomplish this we actually set the user part settings for the Sessions host in the domain of the Session Host. We went very granular in having a seperate policy of user part and computer part. Apply both policies to the Same OU. In the user party policy configure 1 computer part setting which turns loopback processing on (either merge or replace) Then configure the users settings you want in this policy.
I can think of no technical reason why you'd need 2 policies, so feel free to just have 1 policy that configures the computer and user parts (just make sure loopback is configured).
Then for the scope of the policy we have a universal group, which contains a global group from the user domain, containing the users the settings should apply to when logging onto that particular Session Host.
This means we can have different user part settings for every Session Host if we so wish.
Hope that makes sense - was a nightmare to setup, but fairly quick process for us to follow to create a new Session Host now. - Just to note splitting the Session Hosts into another domain would not be my preferred approach, it was one of those "make this work" scenarios
Thanks to Firefox from:
jdell (23rd October 2012)
23rd October 2012, 01:15 PM #3
I will look at this now.
I agree spilitting our Domain in 2 was not the best idea but we had to due to the 2003 DC /2008 RDSH issue.
By SwedishChef in forum MIS Systems
Last Post: 29th June 2012, 02:22 PM
By salan in forum Windows
Last Post: 23rd April 2012, 09:25 AM
By M0MST in forum Windows Server 2008
Last Post: 4th November 2010, 11:02 AM
By Stuart_C in forum Windows Server 2000/2003
Last Post: 23rd January 2010, 12:48 PM
By adamf in forum Windows Server 2000/2003
Last Post: 10th December 2009, 12:26 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)