Re: Group policy on 2000TS without a 2000 DC??
From: Cláudio Rodrigues (Claudio.Rodrigues_at_NOSPAM-Terminal-Services.NET)
Date: 05/05/04
- Next message: Steve S: "Re: Just ordered second server to run TS, help with setup?"
- Previous message: Mark Durrenberger: "Re: COM Add-in stops working for clients when updated"
- In reply to: Patrick Rouse [MVP]: "Re: Group policy on 2000TS without a 2000 DC??"
- Next in thread: Gregg Hill: "Re: Group policy on 2000TS without a 2000 DC??"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 5 May 2004 09:25:17 -0400
Directly on the .POL file. Just deny access to the users you do not want the
policy applied.
-- Cláudio Rodrigues Microsoft MVP Windows Technologies - Terminal Services http://www.terminal-services.net "Patrick Rouse [MVP]" <anonymous@discussions.microsoft.com> wrote in message news:0FD21AD9-F95B-4AAA-94E0-FA55BE34C934@microsoft.com... > Claudio, where do you do this? > > Patrick > > ----- Cláudio Rodrigues wrote: ----- > > Actually there are ways to filter. > If you deny read access to the groups you want on the local policy, it will > NOT be applied. It is not an elegant solution but it does work. > Also you can always use POLEDIT on the 2000 TS that is part of NT4 domains > and lock it down. It works just fine. > Make sure you get a nice .ADM (template) for the policies and load it on > POLEDIT. It will work and I have done this MANY times. > > > -- > Cláudio Rodrigues > > Microsoft MVP > Windows Technologies - Terminal Services > http://www.terminal-services.net > "Patrick Rouse [MVP]" <anonymous@discussions.microsoft.com> wrote in message > news:070D5BB7-5195-4C1B-A821-A92AFD51ACF1@microsoft.com... > > As you've discovered, local policies restrict everyone. There is no way > to filter by security group w/o Active Directory.. You may want to check > out products like triCerat Simplify Lockdown or Appsense Application > Manager. > >> http://www.workthin.com/tsao.htm > >> Patrick Rouse > > Microsoft MVP - Terminal Server > > http://www.workthin.com > >> ----- Gregg Hill wrote: ----- > >> Hello! > >> Is it possible to set up tight security on a Windows 2000 Terminal > Server > > that is only a member server in an NT4 domain? > >> I want to use local policy on the TS to restrict access and give > users one > > icon on the desktop (to the accounting program) and nothing on the > Start > > Menu except the "Log off" item. We tried it, but ended up restricting > > everyone, including the domain admin account. We set it back to the > basic > > setup for now. > >> We have an critical need to replace our Citrix server, but we haven't > gotten > > the OK yet (any day now) to build a Windows Server 2003 to take over > as the > > DC instead of the NT4 PDC. > >> Thank you for any help! > >> Gregg Hill > >>>
- Next message: Steve S: "Re: Just ordered second server to run TS, help with setup?"
- Previous message: Mark Durrenberger: "Re: COM Add-in stops working for clients when updated"
- In reply to: Patrick Rouse [MVP]: "Re: Group policy on 2000TS without a 2000 DC??"
- Next in thread: Gregg Hill: "Re: Group policy on 2000TS without a 2000 DC??"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
Loading
