J
John R. Bennett
I have a W2K server running AD and Terminal Services.
I am running a mixed client environment of Windows 98, W2K and WXP systems.
I have a group policy (Terminal Users) in place that is specifically
designed for the Terminal Server users that limits user rights when they are
actively using the Terminal Server.
I don't have roaming profiles enabled.
Here's the problem, I had to rebuild a failed W2K workstation the other day
and ever since, the group policy that I created for the Terminal Server
users is now overriding the default login on the workstation itself. What I
mean is that the limitations that I have imposed when you connect to the
Terminal Server are now filtering down to the actual client desktop as well
(meaning that they are no longer administrators on their machines, can't
install software, can't access certain parts of the system, etc.). I have
tried adjusting the security settings to allow this but nothing works, they
still get the Terminal Server policy settings. These are the first W2K OS
reinstallations that have taken place since the Terminal Server was
installed.
This didn't happen before, the user could login to their workstation and the
policy wouldn't affect them unless they connected to the Terminal Server.
If I take the user out of the Group Policy (Terminal Users) and just add
them to "Users" in the Active Directory then the settings on their
workstation are back to how they should be but when they login to the
Terminal Server they now have too much access because the Group Policy
doesn't apply to normal network users (i.e. they can see menu items that
they shouldn't access, access to the local drives, control panel, etc.).
I'm not sure how this happened but I have two other W2K users who aren't
affected, it seems like this happened because it was a brand new machine to
the system. I have verified this by going to one of the existing Windows
2000 machines and logging in as the same user that I had problems with and
the Terminal Server policy is not passed to that machine.
Windows 98 machines are not affected.
Basically, what I would like to do is have the Terminal Server group policy
in place but not have it affect the user when they logon to their machine
locally. Should I create a separate policy for an individual Terminal
Server user and specify it under their Terminal Server profile settings? Is
this possible?
Thanks in advance for any help!
John Bennett
I am running a mixed client environment of Windows 98, W2K and WXP systems.
I have a group policy (Terminal Users) in place that is specifically
designed for the Terminal Server users that limits user rights when they are
actively using the Terminal Server.
I don't have roaming profiles enabled.
Here's the problem, I had to rebuild a failed W2K workstation the other day
and ever since, the group policy that I created for the Terminal Server
users is now overriding the default login on the workstation itself. What I
mean is that the limitations that I have imposed when you connect to the
Terminal Server are now filtering down to the actual client desktop as well
(meaning that they are no longer administrators on their machines, can't
install software, can't access certain parts of the system, etc.). I have
tried adjusting the security settings to allow this but nothing works, they
still get the Terminal Server policy settings. These are the first W2K OS
reinstallations that have taken place since the Terminal Server was
installed.
This didn't happen before, the user could login to their workstation and the
policy wouldn't affect them unless they connected to the Terminal Server.
If I take the user out of the Group Policy (Terminal Users) and just add
them to "Users" in the Active Directory then the settings on their
workstation are back to how they should be but when they login to the
Terminal Server they now have too much access because the Group Policy
doesn't apply to normal network users (i.e. they can see menu items that
they shouldn't access, access to the local drives, control panel, etc.).
I'm not sure how this happened but I have two other W2K users who aren't
affected, it seems like this happened because it was a brand new machine to
the system. I have verified this by going to one of the existing Windows
2000 machines and logging in as the same user that I had problems with and
the Terminal Server policy is not passed to that machine.
Windows 98 machines are not affected.
Basically, what I would like to do is have the Terminal Server group policy
in place but not have it affect the user when they logon to their machine
locally. Should I create a separate policy for an individual Terminal
Server user and specify it under their Terminal Server profile settings? Is
this possible?
Thanks in advance for any help!
John Bennett