set group policy for users who both login to laptop as rdp server, how?

R

RO|_F

Hello,

We have SAP published via a remote desktop connection on our rdp servers.
We are going to set up laptop users to be member of active directory.
I will (have to!) set group policies on different OU's so that laptop users
don't get the same group policies that apply on the rdp servers.
Is this the (best) way to configure this:

create group 'rdp users'
create OU 'terminal servers'
create a GPO on this OU and apply the policy only to the group rdp users
make terminal users member of the 'rdp users' group

If this is a right set up, how can I prevent that a user that is not member
of the 'rdp users' group can login to a rdp server?

thanks for any help and regards,

Rolf
Utrecht, Netherlands
 
P

Paul Bergson

GPO's apply to users and machines. If you want to setup a gpo that is only
going to apply to certain users then place those users in this new ou and
apply this gpo to this ou. Otherwise you are going to have to take away
(NOT deny) the read and apply gpo permission for all users and provide read
and apply to the 'rdp users' group on the ou where these uses reside.

--


Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA

This posting is provided "AS IS" with no warranties, and confers no rights.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

how privilege terminal server policy above other policy? 1
How to set association for a file type to an application by GP 1
Win2003 GPO for Logon to Terminal Services 3
Vista RDP to Windows 2008 Server 1
Terminal server policy 1
adding files to users desktop with logon scripts/group policy 1
GPO IE Zone Mapping issue on TS 2
Security Filtering for specific "Links" instead of "GPO" 2

Top