Terminal Server Group Policy Best Practice

Monday, April 7, 2008

http://www.msterminalservices.org/articles/Configure-Folder-Redirection.html

Before we dig into configuring Folder Redirection, let’s review how to configure Group Policies for use with Terminal Services. The best practice for applying settings to users only when they log on to Terminal Servers is to:

1. Create an OU to contain a set of Terminal Servers.
2. Block Policy Inheritance on the OU (Properties -> Group Policy). This prevents settings from higher up in AD from affecting your Terminal Servers.
3. Move the Terminal Server Computer Objects into the OU. Do NOT place User Accounts in this OU.
4. Create an Active Directory Security Group called “Terminal Servers” (or something similar that you’ll recognize) and add the Terminal Servers from this OU to this group.
5. Create a GPO called “TS Machine Policy” linked to the OU.
6. Check “Disable User Configuration settings” on the GPO.
7. Enable Loopback Policy Processing in the GPO.
8. Edit the Security of the Policy so Apply Policy is set for “Authenticated Users” and the Security Group containing the Terminal Servers.
9. Create additional GPOs linked to this OU for each user population, i.e. “TS Users”, “TS Administrators”.
10. Check “Disable Computer Configuration settings” on these GPOs.
11. Edit the Security on these User Configuration GPOs so Apply Policy is enabled for the target user population, and Deny Apply Policy is enabled for users to whom the policy should not apply.
With GPOs configured this way, the Machine Policy applies to everyone who logs on to the Terminal Server (only the Computer Configuration settings of the Machine Policy are processed), and the appropriate User Configuration GPO applies to the target user population (only the User Configuration portion of that GPO is processed).
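
The same layout scripted with the ActiveDirectory and GroupPolicy PowerShell modules, as an added example that is not part of the original article. The domain `example.test`, the OU name "TS Farm", the servers TS01/TS02, the user groups TS-Users/TS-Admins and the loopback mode (Replace) are assumptions; the GPO names and the "Terminal Servers" group come from the list above.

```powershell
# Added example. Assumed: domain, OU name, server names, user groups, loopback mode.
Import-Module ActiveDirectory, GroupPolicy

$domainDn = 'DC=example,DC=test'         # assumption
$ouName   = 'TS Farm'                    # assumption
$ouDn     = "OU=$ouName,$domainDn"
$servers  = 'TS01', 'TS02'               # assumption: existing computer accounts
$userGpos = @{ 'TS Users' = 'TS-Users'; 'TS Administrators' = 'TS-Admins' }  # GPO -> existing group (assumed)
$loopback = 2   # 1 = Merge, 2 = Replace; the article does not say which, Replace is assumed

# OU for the Terminal Servers only, with inheritance from higher up blocked
New-ADOrganizationalUnit -Name $ouName -Path $domainDn
Set-GPInheritance -Target $ouDn -IsBlocked Yes | Out-Null
$servers | ForEach-Object { Get-ADComputer -Identity $_ | Move-ADObject -TargetPath $ouDn }

# Security group holding the Terminal Server computer accounts
New-ADGroup -Name 'Terminal Servers' -GroupScope Global -GroupCategory Security
Add-ADGroupMember -Identity 'Terminal Servers' -Members ($servers | ForEach-Object { Get-ADComputer -Identity $_ })

# Machine policy: user half disabled, loopback enabled, applied to the server group
$machine = New-GPO -Name 'TS Machine Policy'
$machine.GpoStatus = 'UserSettingsDisabled'
Set-GPRegistryValue -Name $machine.DisplayName -Type DWord -Value $loopback `
    -Key 'HKLM\Software\Policies\Microsoft\Windows\System' -ValueName 'UserPolicyMode' | Out-Null
Set-GPPermission -Name $machine.DisplayName -TargetName 'Terminal Servers' `
    -TargetType Group -PermissionLevel GpoApply | Out-Null   # Authenticated Users has Apply by default
New-GPLink -Name $machine.DisplayName -Target $ouDn | Out-Null

# One user-settings GPO per population, computer half disabled
foreach ($name in $userGpos.Keys) {
    $gpo = New-GPO -Name $name
    $gpo.GpoStatus = 'ComputerSettingsDisabled'
    Set-GPPermission -Name $name -TargetName $userGpos[$name] `
        -TargetType Group -PermissionLevel GpoApply | Out-Null
    New-GPLink -Name $name -Target $ouDn | Out-Null
}
# Set-GPPermission has no Deny level: add the "Deny Apply Policy" entries
# for excluded users in the GPO's security editor, as the list describes.

# Check the result: inheritance blocked, and each linked GPO has the expected half disabled
$inh = Get-GPInheritance -Target $ouDn
"Inheritance blocked on ${ouDn}: $($inh.GpoInheritanceBlocked)"
$inh.GpoLinks | ForEach-Object { Get-GPO -Guid $_.GpoId } |
    Select-Object DisplayName, GpoStatus
```

A server picks up its new "Terminal Servers" group membership only after it restarts, so the machine policy's security filtering on that group takes effect from the next boot.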
