Group Policy and TS

[Randy]

I have installed Terminal Services and am now trying to
restrict users privilages while working on the TS Server.
It is not a Domain Controler.

My problem is this. Users are now restricted even when
working on their local machines.

Ive created a new group called Remote Users, added the
user accounts to that group and gave that group the right
to log on locally to the TS Server. Created a new OU
Called TS OU. Applied a new GPO to that OU. Edited the GPO
per: 278295 - How to Lock Down a Windows 2000 Terminal
Services Session. Moved the TermServer computer object to
the TS OU. Moved the users to the TS OU.

Any help?

Thanks
Randy

 

[Mark]

Don't move the users into this OU, just the server. Open
the LOCAL group policy on the TS server and set "computer
configuration\administrative templates\system\group
policy\user group policy loopback mode" to enable. The
mode should be replace. Then set the GPO on the OU how you
want it.

This will lock down the server without affecting users on
their local workstations. Don't forget to make sure the
security on the OU GPO is set for domain admins\deny gpo.
Otherwise your admins will be locked down too.

 

[Nafiz Ahmed [MSFT]]

In addition to the OU policy wehre the TS will reside, you can also enable
loopback policy in the OU so that when users use TS session they will get
the restricted policy, and when they use the logon rom desktop they may get
another policy from the domain. You can look at the following article as
well:

How to Apply Group Policy Objects to Terminal Services Servers WGID:358
ID: 260370

Nafiz Ahmed

 

[Guest]

you state to open the LOCAL group policy, how do i do that?

 

[Buz [MSFT]]

Start\Run Type in gpedit.msc and press Ok.

Buz Brodin
MCSE NT4 / Win2K
Microsoft Enterprise Domain Support

Get Secure! - www.microsoft.com/security

This posting is provided "as is" with no warranties and confers no rights.

Please do not send e-mail directly to this alias. This alias is for
newsgroup purposes only.