Installation guide

Implementing Windows Terminal Server and Citrix MetaFrame on IBM xSeries Servers
A GPO is defined for the domain acme.com by selecting the Properties of the acme.com
object. This displays the GPOs for acme.com. Policies are applied in the following order:
1. Local group
2. Site group
3. Domain group
4. Organizational unit
Using the example above, users Bob Smith, Ted Jones, and Michelle Sargent have the
acme.com policy applied unless Group Policies are defined for lower OUs such as accounts
or sales. The policy applied is the same regardless of the computer or terminal server that
they log on to in the company.
In many cases, you may want a more secure policy for your terminal server. The solution is to
apply an alternative policy when a user logs on to a particular computer. To do this, create an
OU for your terminal servers as shown in Figure 5-4. Our example shows our terminal server
is located in the OU acme.com/Servers/Terminal Servers. For this OU, create another Group
Policy with the settings you want applied for all terminal server users as shown in Figure 5-5.
Figure 5-5 The Default Domain Group Policy Object for acme.com
Ensuring that users have sufficient freedom on their own PC, while providing adequate
protection to the terminal server, is achieved by using the loopback processing mode.
In Figure 5-6, you can see the Group Policy for the acme.com/Servers/Terminal Servers OU.
Set the User Group Policy loopback processing mode to Enabled with a mode setting of
Replace. Now when users log on to a terminal server whose computer object is in the
acme.com/Servers/Terminal Servers OU, they receive user policy settings based on the
computer object location, rather than the user object location.
You must shut down and restart your terminal server for the loopback processing mode to
take effect.
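
The following sketch is an added example, not part of the original guide. It models the application order listed above and the effect of loopback Replace on a user from the accounts OU. The setting names and values, and the acme.com/Workstations OU, are constructed for illustration.

```python
# Simplified model of how Group Policy builds a user's settings (added example).
# Ignores Block Inheritance, Enforced links and security filtering.
# Setting names and values below are constructed for illustration.
USER_SETTINGS = {
    "local": {"run_menu_hidden": False},
    "site": {},
    "acme.com": {"run_menu_hidden": False, "control_panel_blocked": False,
                 "screensaver_timeout_s": 900},
    "acme.com/accounts": {"screensaver_timeout_s": 600},
    "acme.com/Servers/Terminal Servers": {"run_menu_hidden": True,
                                          "control_panel_blocked": True},
}

def scope_chain(location):
    """Containers in application order: local, site, domain, then each OU downward."""
    parts = location.split("/")
    return ["local", "site"] + ["/".join(parts[:i]) for i in range(1, len(parts) + 1)]

def resultant_user_policy(user_ou, computer_ou, loopback_replace=False):
    """Later containers overwrite earlier ones, so the lowest OU wins a conflict.
    With loopback Replace, the chain is built from the computer's OU, not the user's."""
    source = computer_ou if loopback_replace else user_ou
    result = {}
    for container in scope_chain(source):
        result.update(USER_SETTINGS.get(container, {}))
    return result

def policy_delta(before, after):
    """Settings whose value differs between two resultant policies."""
    keys = sorted(set(before) | set(after))
    return {k: (before.get(k), after.get(k)) for k in keys if before.get(k) != after.get(k)}

if __name__ == "__main__":
    bob_ou = "acme.com/accounts"
    ts_ou = "acme.com/Servers/Terminal Servers"
    on_pc = resultant_user_policy(bob_ou, "acme.com/Workstations")  # hypothetical PC OU
    on_ts = resultant_user_policy(bob_ou, ts_ou, loopback_replace=True)
    for name, (pc, ts) in policy_delta(on_pc, on_ts).items():
        print(f"{name}: own PC={pc}, terminal server={ts}")
```

Under Replace, the accounts OU setting drops out entirely on the terminal server, so any user setting that must hold there has to be defined in the terminal server OU policy or above it in the computer's path.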