0

I am trying to get a GPO to apply to users only when they login to the RDS Farm. Specifically I need to set their Outlook caching to a shorter period of time.

I created the RDS GPO and added my settings. When I apply the GPO to just the "RDS Servers Group" and the "RDS Users Group", I do not see any of my settings applied. When I run a gpresult /scope user /v, the only policy being applied is the Default Domain.

If I add the RDS GPO to the domain level, it works too well (Loopback Processing in Merge mode is applied), all users get the applied settings on all machines. Including the domain admins. This is not what I was intending. So as of now, I have the RDS GPO linked only to the RDS OU to prevent issues with admin accounts and normal workstations. Loopback Processing is still enabled, but the policy isnt applying the way I want it.

RDS Servers are 2019 Standard.

dmonks
  • 3
  • 2

1 Answers1

0

Are these new security groups that you created for this purpose?

If you're scoping this GPO to an OU that only contains the RDS servers (which would be the simplest thing to do) then don't use Security Filtering as there's no need. The GPO will only apply to the computer accounts in the OU. Set the Security Filtering back to Authenticated Users.

If you're not scoping the GPO to an OU that only contains the RDS servers then create one, move the RDS computer accounts to this OU, and link the GPO to this OU. Again remove your Security Filtering and add Authenticated Users to the Security Filtering.

joeqwerty
  • 109,901
  • 6
  • 81
  • 172