Use the security groups filtering option for applying the policy only to your "help desk group". Enable the apply and read permission only for this group... Or -if you only want to remove the admins from applying this policy- use the deny option in security settings for the admins...
But why don't you use restricted groups to add the help desk group to your local administrators group of the Terminal Servers? > I have an OU that contains only a group of terminal servers. I'd like to > set the GPO that configures > the remote control permissions for terminal servers in that OU. That's > easy enough, but can I set this > policy so it applies not just to administrators, but a select group of > help desk people without those > help desk people being admins on the terminal servers? Thanks! > > > > Mark Creamer > > List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
