Apply Group Policy to Remote Desktop Services users but not when they log on to their local system

Running Windows Server 2008 Service Pack 2 with Remote Desktop Services role. I want to hide the servers drives using a GPO, but not the users local drives when they are logged on to their local system.

Using a GPO, I went to "User Configuration - Policies - Administrative Template - Windows Components - Windows Explorer" and enabled "Hide these specified drives in My Computer" and "Prevent access to drives from My Computer" and in both used "Restrict all drives". Then under "Security Filtering" for the GPO, I restricted it to the system running Remote Desktop Services and the specific users who will be using RDS.

I then applied the GPO to our domain and it worked a little too well. Not only was I successful in getting the GPO to work for RDS users, but it also affected those same users at their local systems as well.

I've tried everything I can think of, but can't figure out how to apply this just to the RDS but not at their local system. What am I missing?

You need to use Loopback Policy processing. Move the RDS server to a new OU. Link your "drive restriction" GPO to this OU. Configure Loopback Policy processing in this GPO to Replace or Merge mode (depending on whether you want to replace the users normal GPO settings with these GPO settings or merge the users normal GPO settings with these settings). I suspect you'll want Merge mode.

Now when a user logs on to the RDS server the User Configuration settings from the GPO linked to this OU will apply in addition to or in replacement of the users normal GPO settings. This way the drive restriction is only effective when logging on to the RDS server and not on their workstations.