I have a question regarding a mixed domain of NT and 2000 servers. It may be a very simple question for most everyone else, if so, excuse my ignorance. I am setting up a W2000 Terminal Server in the NT 4 domain. The PDC is an SBS 4.5 box. I would like to set the security on the terminal server box only for things like no access to selected folders, no access to the control panel and other basic stuff. From my limited experience, this can be done several ways, Local Policy, Group Policy and NT policy.

We have only one domain, and several different servers. I would like to keep this as simple as possible. I have never set any specific policies on the SBS box, because it worked well "out of the box", consequently have not worked with NT policy settings. I have played with the group policy setting in a previous installation , but thought that the domain had to be AD for it work.

The SBS box handles all login, mappings, etc for now.

I would like to only restrict the users who log in thru the SBS box when they access the w2000 ts serve. Currently, we have an icon you must click to get logged in to the TS side. So, here is my question:

Do I use the Local Policy in the w2000 terminal server to do this, or, the group policy in w2000 or, use nt's poledit on the SBS box? If I use the poledit feature on the SBS box, how do I pass the information to the 2000 ts box? Is this automatic? Thanks to all for your patience with another question.
Terry

Use Loopback policy processing on the 2000 Terminal Server:

231287 Loopback Processing of Group Policy
http://support.microsoft.com/?id=231287

260370 How to Apply Group Policy Objects to Terminal Services Servers
http://support.microsoft.com/?id=260370

278295 How to Lock Down a Windows 2000 Terminal Server Session
http://support.microsoft.com/?id=278295

198771 How to Lock Down Windows NT and Internet Explorer 4.01 Desktop
http://support.microsoft.com/?id=198771

143164 INF: How to Protect Windows NT Desktops in Public Areas
http://support.microsoft.com/?id=143164

Buz Brodin
MCSE NT4 / Win2K
Microsoft Enterprise Domain Support

Get Secure! - www.microsoft.com/security

This posting is provided "as is" with no warranties and confers no rights.

Please do not send e-mail directly to this alias. This alias is for
newsgroup purposes only.



"Terry" <(E-Mail Removed)> wrote in message
news:39672712-A628-49CC-A4F0-(E-Mail Removed)...
> I have a question regarding a mixed domain of NT and 2000 servers. It may
be a very simple question for most everyone else, if so, excuse my
ignorance. I am setting up a W2000 Terminal Server in the NT 4 domain. The
PDC is an SBS 4.5 box. I would like to set the security on the terminal
server box only for things like no access to selected folders, no access to
the control panel and other basic stuff. From my limited experience, this
can be done several ways, Local Policy, Group Policy and NT policy.
>
> We have only one domain, and several different servers. I would like to
keep this as simple as possible. I have never set any specific policies on
the SBS box, because it worked well "out of the box", consequently have not
worked with NT policy settings. I have played with the group policy
setting in a previous installation , but thought that the domain had to be
AD for it work.
>
> The SBS box handles all login, mappings, etc for now.
>
> I would like to only restrict the users who log in thru the SBS box when
they access the w2000 ts serve. Currently, we have an icon you must click to
get logged in to the TS side. So, here is my question:
>
> Do I use the Local Policy in the w2000 terminal server to do this, or, the
group policy in w2000 or, use nt's poledit on the SBS box? If I use the
poledit feature on the SBS box, how do I pass the information to the 2000 ts
box? Is this automatic? Thanks to all for your patience with another
question.
> Terry
>