Re: Server 2003 Group Policies - Affecting Administrative Profile

If you mean that a user logs onto a PC on the domain and also logs onto a TS
(which needs to be more secure) then the answer is to place the TS into its
own OU and apply a policy to the OU. This will not apply to the user when he
logs onto his PC locally. To prevernt the GPO applying to an Admin account
then remove the apply group policy right.

If I was you I would remove TS Access rights from the Administrator account
for any public facing TS... instead create a seperate account for
Administrator over RDP.

Hope I have understood you. I was not sure if you meant a user logs onto the
TS locally and also remotely requiring differnent policies ?

BRGDS

Johan

"wideye" wrote:

On Sep 19, 8:31 am, "Floris van Haaster" <florisN...@xxxxxxxxxxxx>
wrote:
You can create some OU's like:

Sales
Support

etc... then add the users/computers to the ou's.
And then create and attach GPO's to OU's.

A handy thing to use then is the Group Policy Management Console:http://www.microsoft.com.nsatc.net/downloads/details.aspx?FamilyId=0A...

Best regards

Floris van Haaster


Let me step back and provide a bit more detailed information because I
don't think my question was clearly conveyed. In our organization all
users have one account. This one account authenticates local "in
office" logins as well as remote logins. However, the GP for remote
logins needs to be more restrictive then the GP for local logins. So
the question is how can I have one account and two different GP's
(i.e. one GP for remote logins and one GP for local logins)?

Thanks!




"wideye" <dstu...@xxxxxxxxxxxxx> wrote in message

news:1190207712.804498.241480@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Hello,
I'm setting up a dedicated Terminal Server and I have a question
regarding local group policies in Windows Server 2003. Is there a way
to apply group policies to all user profiles aside from Administrator?
Obviously I want certain restrictions for user profiles that need not
apply to the administrative profile (Example: disabling access to the
control panel). Is there a way to specify which users GP's apply to?

Thanks,



.

Relevant Pages

  • Re: Server 2003 Group Policies - Affecting Administrative Profile
    ... This one account authenticates local "in ... office" logins as well as remote logins. ... (i.e. one GP for remote logins and one GP for local logins)? ... Obviously I want certain restrictions for user profiles that need not ...
    (microsoft.public.windows.server.general)
  • Re: Changing security authentication type.
    ... i'm thinking that yes in time the sa account will ... Create one or more logins for the applications. ... for each database. ... , you really have no security for your ...
    (microsoft.public.sqlserver.security)
  • Re: Server 2003 Group Policies - Affecting Administrative Profile
    ... If I was you I would remove TS Access rights from the Administrator account ... office" logins as well as remote logins. ...
    (microsoft.public.windows.server.general)
  • Re: SQLDTS Transfer File Task
    ... E.g. 20 logins. ... run the logins expire in 5 days. ... Can anyone confirm whether SQLDTS transfer File task uses a single ... I would like the account to last as long as possible (its not actually ...
    (microsoft.public.sqlserver.dts)
  • Re: Account Login
    ... > account. ... I have found several logins that were preceeded by login ... can get into a computer running any operating system. ...
    (microsoft.public.windowsxp.security_admin)
Quantcast