Hi
Ive taken over a customers server for administration and i see that there is one gpo with loopback replace mode linked to the terminal server OU. The security filtering contains 2 computers and a user security group.
When creating a user gpo and having the same user group security filtering on it, i can link the gpo to the terminal server OU and the gpo will be applied to the users in the sec group when logging in to the terminal servers, this without giving the computers read rights on the gpo.
Is that per design because there already is a gpo with loopback replace? I was 100% sure that every gpo had to have user and computer read rights for loopback to work
Thanks
Carlos