RE: [ActiveDir] Undoing a GPO for Domain Admins

[Creamer, Mark]

Yes I do (loopback) – that may be where I’m going wrong. My goal is to only have the settings apply to normal users, and only when they are on the terminal servers in the OU where the GPO is applied. So in order to have the user portion of the GPO apply to computers in the OU, I enabled loopback (the user objects are all in the Users container). If that’s the problem, can you explain further for me what’s going wrong? Thanks Darren…   <mc> -----Original Message----- From: Darren Mar-Elia [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 06, 2004 1:03 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Undoing a GPO for Domain Admins   Mark- What you're doing should work. The only difference is that I usually also include the Read permission in the Deny, but since you need both Read and Apply GPO to process a policy, your way should work. Is it possible you have a loopback policy enabled on that GPO?   Darren   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Creamer, Mark Sent: Tuesday, January 06, 2004 7:45 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Undoing a GPO for Domain Admins I created a GPO to manage users’ terminal server desktop settings. I then noticed that those settings were being applied to domain admins, which I did not want. So on the Group Policy’s security tab, I explicitly denied the Apply Group Policy to Domain and Enterprise Admins. However, nothing changed. As an example, all of the applications are hidden from the start menu/Accessories except Explorer and Notepad. However, all the shortcuts do exist in the All Users folder.   How do I restore the desktop to the admins without changing the normal users?   Thanks,   Mark Creamer