locked
Deny security setting for Domain Admins on Computer OU with computer GPo is being ignored RRS feed

  • Question

  • A GPo is created on a computer OU.

    Settings within the GPo are:
    Computer configuration\policies\administrative templates\windows components\remote desktop services\remote desktop\session host\profiles\set path for remote desktop services

    Settings need to be applied to a user group; read and AGP .
    Setting must NOT be applied on Domain admins; read and deny AGP.

    Deny security setting for Domain Admins on Computer OU with computer GPo is being ignored.
    Also when deny is applied on single user, the deny is ignored.

    This setting is only a computer policy.
    This setting need to be set on only the RDSH in that computer OU and not on other RDSH servers in another OU.

    Tuesday, September 3, 2013 10:31 AM