Securing TS environment

Guest

I have users with thin clients connecting to a terminal server. I would like
to restrict some of the users to not be able to see the following:
Control Panel, Network Neighborhood, Run button, drive letters, etc. There
are some users that like to "Play" and I would like to only allow these
particular users to have access to the applications that I have on their
desktops. How do I go about doing this? I don't want to restrict all users,
just a few.

Thanks
 
Vera Noest [MVP]

1. Create a security group called "Restricted Users" (or something
to your liking; this is not a preserved name)
2. Define a restrictive GPO, link it to the OU that contains your
Terminal Server, use "loopback processing" of the GPO with the
"Replace" option.
3. Edit the Security settings of the GPO, add the Terminal Server
computer account and the user group "Restricted Users" to the list
and give them "Read" and "Apply this GPO" rights. Make sure that
Administrators have "Deny" for "Apply this GPO" and remove
"Authenticated users" from the list.

231287 - Loopback Processing of Group Policy
http://support.microsoft.com/?kbid=231287

816100 - How To Prevent Domain Group Policies from Applying to
Administrator Accounts and Selected Users in Windows Server 2003
http://support.microsoft.com/?kbid=816100

--
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
http://hem.fyristorg.com/vera/IT
--- please respond in newsgroup, NOT by private email ---
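
The three steps above as a script, added here as an example that is not part of the original post. It assumes the ActiveDirectory and GroupPolicy PowerShell modules, which postdate this thread; the GPO name, OU paths and server name are placeholders, and the Explorer policy values are the standard ones for the restrictions named in the question.

```powershell
# Added example: every name and path below is a placeholder, not a value from the thread.
Import-Module ActiveDirectory, GroupPolicy

$groupName = 'Restricted Users'
$gpoName   = 'TS Restricted Desktop'                  # hypothetical GPO name
$tsOU      = 'OU=Terminal Servers,DC=example,DC=com'  # OU that contains the Terminal Server
$groupOU   = 'OU=Groups,DC=example,DC=com'            # where the security group is created
$tsName    = 'TS01'                                   # Terminal Server computer account

# Step 1: security group for the users to be locked down.
New-ADGroup -Name $groupName -GroupScope Global -GroupCategory Security -Path $groupOU

# Step 2: create the GPO and link it to the OU that holds the Terminal Server.
New-GPO -Name $gpoName | New-GPLink -Target $tsOU | Out-Null

# Loopback processing in Replace mode (UserPolicyMode: 1 = Merge, 2 = Replace).
Set-GPRegistryValue -Name $gpoName -Type DWord -Value 2 `
    -Key 'HKLM\Software\Policies\Microsoft\Windows\System' `
    -ValueName 'UserPolicyMode' | Out-Null

# User-side restrictions from the question: Control Panel, Run, Network
# Neighborhood icon, and all drive letters (NoDrives bitmask 0x3FFFFFF = A..Z).
$explorerKey  = 'HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$restrictions = [ordered]@{ NoControlPanel = 1; NoRun = 1; NoNetHood = 1; NoDrives = 67108863 }
foreach ($r in $restrictions.GetEnumerator()) {
    Set-GPRegistryValue -Name $gpoName -Key $explorerKey -Type DWord `
        -ValueName $r.Key -Value $r.Value | Out-Null
}

# Step 3: security filtering. GpoApply grants both "Read" and "Apply Group Policy".
Set-GPPermission -Name $gpoName -TargetName $groupName -TargetType Group `
    -PermissionLevel GpoApply | Out-Null
Set-GPPermission -Name $gpoName -TargetName $tsName -TargetType Computer `
    -PermissionLevel GpoApply | Out-Null

# Remove "Authenticated Users" only after the two grants above are in place.
Set-GPPermission -Name $gpoName -TargetName 'Authenticated Users' -TargetType Group `
    -PermissionLevel None -Replace | Out-Null

# Set-GPPermission has no Deny level: the "Deny / Apply this GPO" entry for
# Administrators still has to be set in GPMC under Delegation > Advanced.

# Review the resulting filter before adding anyone to the group.
Get-GPPermission -Name $gpoName -All |
    Select-Object @{ n = 'Trustee'; e = { $_.Trustee.Name } }, Permission
```

After adding a test account to the group, `gpresult /r` run in that user's session on the Terminal Server shows whether the GPO was applied or filtered out.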

Guest

Thanks Vera,

I do not however know where to do step 1 and step 2 and I guess 3 then. I
would need some detailed instructions if possible. I assume that this is
done on the domain controller, Active Directory Users and Computers... but
not sure.

Thanks
 
Vera Noest [MVP]

Yes, assuming you have an AD domain, create the security group for
restricted users in the AD. And that's also where you define GPOs.
You might want to do some reading on Group Policies; explaining
the ins and outs of GPOs is beyond the scope of this newsgroup.
And the articles I referenced already contain quite detailed info.

--
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
http://hem.fyristorg.com/vera/IT
*----------- Please reply in newsgroup -------------*
