RE: Group Policy Local drives
- From: Daniel <Daniel@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 23 Apr 2008 07:54:00 -0700
Thanks for your response but one thing comes to mind. The terminal server
needs to be locked down to the point that users can't hardly change anything.
If I add the user to a group and when they log into there normal computer,
then this policy will apply to them. Is this correct? The users can have
full access (power user permissions) to there normal desktop just not on the
Terminal Server. In fact, they use the same credentials for both. Will this
conflict with each other?
Thanks again.
"bsweeney1977" wrote:
Sure. You could use diametric policies and security filtering....
1. Create a GPO that configures RDP for your regular computer users. We'll
call it "RDPForWorkstationUsers"
2. Create a security group called "WorkstationUsers".
3. Using the GPMC, configure security filtering for the GPO so that the
policy only applies to users in the "WorkstationUsers" security group.
4. Create a GPO that configures RDP for your regular computer users. We'll
call it "RDPForCDUsers"
5. Create a security group called "CDUsers".
6. Using the GPMC, configure security filtering for the GPO so that the
policy only applies to users in the "WorkstationUsers" security group.
7. Add each user to the appropriate group.
There, you're done. When members of the "WorkstationUsers" group sign in,
they will be affected by the "RDPForWorkstationUsers" policy, and when
members of the "CDUsers" group sign in then they will be affected by the
"RDPForCDUsers" policy.
NOTE 1: Keep in mind that if a user is not a part of either group then
neither policy will apply.
NOTE 2: If a user is part of both groups then its a roll of the dice, since
whichever policy is processed LAST will be the policy used. You can get
around this by picking one of the two policies in the GPMC and setting it to
ENFORCE. This forces the policy to be processed LAST.
Hope this helps.
"Daniel" wrote:
Ok, here is my problem.
We have users who log into a terminal server to do there normal daily
duties. We have two ways of people logging into the terminal server. One
way being the user logs into there normal desktop and then double clicking
the shortcut for remote desktop. The other way is a user booting from a CD
that I have put together. These computers do NOT have hard drives in them
which means "no local drive access".
With the computers that double click on the Remote Desktop icon, I want them
to be able to use their local disk drives. As you check local disk drives
under the options in Remote Desktop settings, this setting does not work
since I have block access using group policy because of my " CD " users.
Is there a way two have users who are using the Remote Desktop shortcut to
use their local disk drives and still be able to prevent users from accessing
the Servers local disk drives?
- Follow-Ups:
- RE: Group Policy Local drives
- From: Bryan Sweeney
- RE: Group Policy Local drives
- References:
- Group Policy Local drives
- From: Daniel
- RE: Group Policy Local drives
- From: bsweeney1977
- Group Policy Local drives
- Prev by Date: Re: DCPROMO does not work
- Next by Date: Re: Problem on windows 2003 with trust.
- Previous by thread: RE: Group Policy Local drives
- Next by thread: RE: Group Policy Local drives
- Index(es):
Relevant Pages
|
