Re: Local Machine vs. Domain Group Policy




Now I know what it feels like to be an ant getting run over by an 18-wheeler.
[LOL] Seriously, I'm amazed by the high level of expertise encountered in
these newsgroups.



But Joe, is it accurate to lump enterprise Terminal Services policy in with
"special little needs of every little occasion"? I agree that Microsoft best
practice recommendations may not always apply in the real world, but the
real world assessment works both ways. I doubt if most IT shops can afford
to model their practices after an enormous organization with expensive
add-on tools, consultants and 4 or 5 dedicated domain admins who have time
for relaxing 3-hour lunches in part because they say "no" to everything that
might result in more work on their part.



Maybe we should start another post on how dumb I am for trying to win
debating points against someone vastly more experienced--especially given
that we have long lines of indigent patients backing up due to slow
application response time. Our pharmacies are begging for TS to be
implemented (I demonstrated how much faster it is during testing).



I'm ready to do whatever will get those patients their medicine without
unnecessarily endangering our network. I got caught up in defending the
domain policy approach partly because I've spent just about all the time I
can afford researching that approach. I don't know which way to go anymore.



Can you or anyone help with a few small details concerning the local policy
approach? I've used gpedit.msc to create local machine policy. Is this the
correct tool for creating the TS lockdown policies? (I installed the new
Group Policy Management Console, but I don't see any obvious way to use this
for creating local machine policy.) Should we use computer-level policy or
user-level or both? Exactly how would you save and copy this policy template
to another machine?



Because no one else in our department has time, I've been reading about
terminal services, group policy and AD at night over the last two weeks. I
have a strong IT background, but little hands-on experience with these
specific technologies. Someone posted a knowledge base reference for
creating a local "deny apply" rule to allow remote admin access to the
Terminal Server, so I'll be reading that tonight.



Thanks to everyone for helping.

