lock down TS users

Y

Young

What's the best way to lock down Terminal Server users. I created Group
Policy and moved Terminal Server in to that OU and it locked everybody out
including Administrator.
Is there way to exclude Administrator? Locking by user account is not an
option. I only want to setup Group Policy on Terminal session.

Any idea would appreciated

Thanks,
 
V

Vera Noest [MVP]

You should do two things:

* apply "loopback processing" of the GPO to avoid locking down
desktops as well
* give Administrators "Deny" on the right to "Apply this policy",
but "Allow" on the Read and Write rights. This ensures that
Administrators will not be locked down by the GPO, but they can
still modify it.

260370 - How to Apply Group Policy Objects to Terminal Services
Servers
http://support.microsoft.com/?kbid=260370

231287 - Loopback Processing of Group Policy
http://support.microsoft.com/?kbid=231287
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Group Policy does not take effect 7
Sun Java Runtime problem in Terminal Session. 2
ts users logon 1
TS + roaming terminal users profiles 4
lockdown suggestions 2
Terminal Service Manager 2
IEAK6 Profile Manager System Policies & Restrictions - adm files& Win 2k group policy 1
TS Server Lockdown automation 1

Top