Lock down desktop on Terminal server

G

Guy Chan

I am building four Windows 2000 Terminal servers which
will all have the same type of applications that the users
presently have on their local desktops such as MS Office,
Notes clients, MIS, etc.

When remote users connect to anyone of the terminal
servers their desktop, it will run the network logon
script, network drive mapping and their network printer
mapping. The only thing i was trying to avoid is to carry
their local desktop profile to any terminal session. How
could i achieve it?

Thks,
Guy
 
G

Guy Chan

-----Original Message-----
Define a separate Terminal Server profile path in their user account.

--
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
http://hem.fyristorg.com/vera/IT
--- please respond in newsgroup ---


.
Forgot to mention. I are not allowed to define a separate
Click to expand...
Terminal Server profile path in their user account which
makes my work difficult. One of the main reason, we have
different island of teminal servers which i manage, and
others being managed by another groups which have either
NT 4. TS and Win2k TS.

Thks,
Guy
 
V

Vera Noest [MVP]

But that must mean that all other groups of administrators have
the same problem as you have...
Could you agree on defining a local TS profile? I.e. a TS specific
profile path like C:\Profiles\%USERNAME%

That would work on both NT 4.0 TSE and W2K TS.

Also investigate what you can achieve by folder redirection of the
Start Menu, Desktop, My Documents and Application Data folders.
You can do this in a Group Policy, and if you use loopback
processing of this GPO, it won't affect the users normal domain
logon.

278295 - How to Lock Down a Windows 2000 Terminal Services Session
http://support.microsoft.com/?kbid=278295

260370 - How to Apply Group Policy Objects to Terminal Services
Servers
http://support.microsoft.com/?kbid=260370

231287 - Loopback Processing of Group Policy
http://support.microsoft.com/?kbid=231287
 
G

Guest

Just want to thanks everybody for their opinion. Definetly
i will use any suggestions that were posted to see what i
can do.

That's is correct, the other group of Terminal servers
administrators will have the same issue once they upgrade
their servers to Win2k and join the 2000 domain. Presently
they are under old NT 4.0 domain and is using madatory
profile "Ntconfig.pol".

It is a big challenge since each zone will manage their
own TS within the OU assigned since each zone have
different applications running but any users will be
allowed to access any zones Terminal servers. The domain
administrator refuse to create a TS path for each account.

Cheers
Guy
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Terminal server and deleting local profiles 1
set policy on 2003 terminal server 2
terminal service printing 1
Terminal Server roaming profiles 1
printing through terminal server 9
Windows 98 to 2003 terminal server problem 1
Lockdown desktop 2
Terminal Service session "blacks out" from W2K client 1

Top