Apply GPO to user AD group when using computers in a certain OU

Tags: active-directory, group-policy, logon-scripts, remoteapp

We have a logon-script that copies a number of remoteapp.rdp-files to some users' desktops. However, these users sometimes also have to connect directly to our terminal server through a remote desktop connection to use certain software. When they connect to the remote desktop we don't want the remoteapp.rdp-files to be copied there. The specific users are all members of an AD security group. Then we have an OU with all of the organization's client computers.

So what I would like to do is apply a GPO with the logon-script to the users within the AD user group if they log on to a client computer within the client OU. The GPO and logon-script are user-specific.

I created a GPO that applies to the user AD group and that is linked to the client computer OU. This doesn't seem to work; no files are copied, at least. I think the problem might be that the GPO settings are user-specific while the linked OU only contains computers. Any suggestions on a different approach that will make the GPO work as intended?

Best Answer

  1. Create a WMI filter that returns TRUE when run on any machine other than your Terminal Server: SELECT * FROM Win32_ComputerSystem WHERE NAME <> 'COMPUTER_NAME_HERE'
  2. Create a GPO just for your file-copying logon script and apply the WMI filter to the GPO.
  3. Replace the GPO's default Authenticated Users group in Security Filtering with the security group containing your targeted users.
  4. Link the GPO to the OU that contains the user accounts to be affected.

This will cause the GPO to run when the targeted users log on to any computer in the domain except your Terminal Server.

This approach doesn't introduce the typical unintended side-effects so common with Loopback Processing. In your case, if you use Loopback Processing, every user (not just the members of your AD Security Group) will have all of their user GP settings applied when they log into your Terminal Server, turning your efforts to apply only the file-copying setting into a situation where unrelated settings are applied to unrelated users.
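The four steps of the accepted answer, scripted with the GroupPolicy and ActiveDirectory RSAT modules. This is an added example and not code from the original question or answer; the terminal server name, group name, OU path and GPO name are placeholders to be replaced for your domain. It also includes a check that evaluates the WQL the same way the Group Policy client does, so the filter can be verified on a client (expect True) and on the terminal server itself (expect False) before it is attached to the GPO.

```powershell
# Added example (not from the original post): implements the accepted answer's
# four steps. Server, group, OU and GPO names below are assumed placeholders.
#Requires -Modules GroupPolicy, ActiveDirectory

param(
    [string]$TerminalServer = 'TS01',                        # assumed NetBIOS name of the terminal server
    [string]$UserGroup      = 'RemoteApp-Users',             # assumed security group of targeted users
    [string]$UserOU         = 'OU=Users,DC=example,DC=com',  # assumed OU that holds the user accounts
    [string]$GpoName        = 'User - Copy RemoteApp RDP files'
)

# Step 1: the WQL the WMI filter will carry. Win32_ComputerSystem.Name is the
# NetBIOS computer name; WQL string comparison is case-insensitive, so the
# filter behaves the same regardless of how the name is capitalised.
$Wql = "SELECT * FROM Win32_ComputerSystem WHERE Name <> '$TerminalServer'"

# A WMI filter passes when its query returns at least one instance. This
# function evaluates a filter query locally or against a remote computer.
function Test-WmiFilterQuery {
    param([string]$Query, [string]$ComputerName = $env:COMPUTERNAME)
    $params = @{ Query = $Query; Namespace = 'root\CIMv2'; ErrorAction = 'Stop' }
    if ($ComputerName -ne $env:COMPUTERNAME) { $params.ComputerName = $ComputerName }
    # @() so an empty result has .Count = 0 instead of being $null
    return (@(Get-CimInstance @params)).Count -gt 0
}

Write-Host "Filter passes on $env:COMPUTERNAME : $(Test-WmiFilterQuery -Query $Wql)"

# Step 2: a dedicated GPO carrying only the file-copying logon script.
$gpo = Get-GPO -Name $GpoName -ErrorAction SilentlyContinue
if (-not $gpo) {
    $gpo = New-GPO -Name $GpoName -Comment 'Copies RemoteApp .rdp files; WMI-filtered to exclude the terminal server'
}

# Step 3: security filtering. Strip Authenticated Users and grant Apply to the
# target group only. Keep a Read right for Domain Computers: since MS16-072
# (KB3163622) user policy is retrieved in the computer's security context, and
# a GPO the computer account cannot read is silently never applied.
Set-GPPermission -Guid $gpo.Id -TargetName 'Authenticated Users' -TargetType Group -PermissionLevel None     | Out-Null
Set-GPPermission -Guid $gpo.Id -TargetName $UserGroup            -TargetType Group -PermissionLevel GpoApply | Out-Null
Set-GPPermission -Guid $gpo.Id -TargetName 'Domain Computers'    -TargetType Group -PermissionLevel GpoRead  | Out-Null

# Step 4: link to the OU that holds the user accounts, not the computer OU.
$alreadyLinked = (Get-GPInheritance -Target $UserOU).GpoLinks | Where-Object { $_.GpoId -eq $gpo.Id }
if (-not $alreadyLinked) {
    New-GPLink -Guid $gpo.Id -Target $UserOU -LinkEnabled Yes | Out-Null
}

# The GroupPolicy module has no cmdlet for WMI filters. Create the filter in
# GPMC (WMI Filters node) using $Wql and attach it on the GPO's Scope tab.
Write-Host "WQL for the WMI filter:`n  $Wql"

# Verification, run as a member of $UserGroup:
#   gpresult /r /scope:user
# On a client the GPO appears under the applied GPOs; on the terminal server it
# is listed as filtered out, with the WMI filter given as the reason.
```

Run `Test-WmiFilterQuery -Query $Wql -ComputerName $TerminalServer` from an admin workstation to confirm the query returns no instances there before relying on the filter. Note that the GPO deliberately ends up with Authenticated Users removed, which is exactly the case where the Domain Computers Read right matters; without it, clients patched for MS16-072 will not apply the user settings even though the group and WMI filter match.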