Re: Server 2003 Group Policies - Affecting Administrative Profile
- From: wideye <dstubbs@xxxxxxxxxxxxx>
- Date: Wed, 19 Sep 2007 19:10:20 -0000
On Sep 19, 1:44 pm, Johan Strange
<JohanStra...@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
If you mean that a user logs onto a PC on the domain and also logs onto a TS
(which needs to be more secure) then the answer is to place the TS into its
own OU and apply a policy to the OU. This will not apply to the user when he
logs onto his PC locally. To prevernt the GPO applying to an Admin account
then remove the apply group policy right.
If I was you I would remove TS Access rights from the Administrator account
for any public facing TS... instead create a seperate account for
Administrator over RDP.
Hope I have understood you. I was not sure if you meant a user logs onto the
TS locally and also remotely requiring differnent policies ?
BRGDS
Johan
"wideye" wrote:
On Sep 19, 8:31 am, "Floris van Haaster" <florisN...@xxxxxxxxxxxx>
wrote:
You can create some OU's like:
Sales
Support
etc... then add the users/computers to the ou's.
And then create and attach GPO's to OU's.
A handy thing to use then is the Group Policy Management Console:http://www.microsoft.com.nsatc.net/downloads/details.aspx?FamilyId=0A...
Best regards
Floris van Haaster
Let me step back and provide a bit more detailed information because I
don't think my question was clearly conveyed. In our organization all
users have one account. This one account authenticates local "in
office" logins as well as remote logins. However, the GP for remote
logins needs to be more restrictive then the GP for local logins. So
the question is how can I have one account and two different GP's
(i.e. one GP for remote logins and one GP for local logins)?
Thanks!
"wideye" <dstu...@xxxxxxxxxxxxx> wrote in message
news:1190207712.804498.241480@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hello,
I'm setting up a dedicated Terminal Server and I have a question
regarding local group policies in Windows Server 2003. Is there a way
to apply group policies to all user profiles aside from Administrator?
Obviously I want certain restrictions for user profiles that need not
apply to the administrative profile (Example: disabling access to the
control panel). Is there a way to specify which users GP's apply to?
Thanks,
Jordon,
Thanks for the prompt feedback! Our users sometimes work in the office
and sometimes work from home - I would like to have a GP for "in
office" access and a different GP for "remote" access. Currently, I
have OU's "siteA" and "siteB" and GP's for each OU. However, I don't
understand how I can have a TS OU and GP for users that already exist
in the "siteA" or "siteB" OU's.
Thanks again for the help.
.
- References:
- Server 2003 Group Policies - Affecting Administrative Profile
- From: wideye
- Re: Server 2003 Group Policies - Affecting Administrative Profile
- From: wideye
- Re: Server 2003 Group Policies - Affecting Administrative Profile
- From: Johan Strange
- Server 2003 Group Policies - Affecting Administrative Profile
- Prev by Date: Re: Slow copy from NT Domain to AD Domain
- Next by Date: Re: No DeskTop
- Previous by thread: Re: Server 2003 Group Policies - Affecting Administrative Profile
- Next by thread: Roaming Profiles and Redirected folders
- Index(es):
Relevant Pages
|
