Re: Securing TS environment

From: Vera Noest [MVP] (vera.noest_at_remove-this.hem.utfors.se)
Date: 12/08/04 

Date: Wed, 08 Dec 2004 13:31:56 -0800

1. Create a security group called "Restricted Users" (or something
to your liking; this is not a preserved name)
2. Define a restrictive GPO, link it to the OU that contains your
Terminal Server, use "loopback processing" of the GPO with the
"Replace" option.
3. Edit the Security settings of the GPO, add the Terminal Server
computer account and the user group "Restricted Users" to the list
and give them "Read" and "Apply this GPO" rights. Make sure that
Administrators have "Deny" for "Apply this GPO" and remove
"Authenticated users" from the list

231287 - Loopback Processing of Group Policy
http://support.microsoft.com/?kbid=231287

816100 - How To Prevent Domain Group Policies from Applying to
Administrator Accounts and Selected Users in Windows Server 2003
http://support.microsoft.com/?kbid=816100

 --
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
http://hem.fyristorg.com/vera/IT
 --- please respond in newsgroup, NOT by private email ---

=?Utf-8?B?c3RvY2tjYXJzcnVz?=
<stockcarsrus@discussions.microsoft.com> wrote on 08 dec 2004 in
microsoft.public.win2000.termserv.clients:

> I have users with thin clients connecting to a terminal server.
> I would like to restrict some of the users to not be able to see
> the following: -control panel, network neighborhood,Run buttons,
> drive letters etc.. There are some users that like to "Play" and
> I would like to only allow these particular users to have access
> to the applications that I have on their desktops. How do I go
> about doing this? I don't want to restrict all users, just a
> few.
>
> Thanks

Loading