Re: User Sessions
- From: "TP" <tperson.knowspamn@xxxxxxxxxxxxxxx>
- Date: Fri, 1 Apr 2005 09:47:04 -0500
You can use gpedit.msc (Start-->Run-->gpedit.msc) to
set the policies, then deny the Administrators group access
to the %systemroot%\system32\GroupPolicy folder using
ntfs permissions.
Be careful with this approach, because if you make
strict policies without having a way to change
the permissions on the GroupPolicy folder you will need
to connect from another machine to change them, or
logon using an account that you had previously denied
access. For example, you could keep the GroupPolicy
folder properties window open until you are done
making your changes and then set the deny permission.
Another approach to consider is detailed here:
http://support.microsoft.com/kb/293655
Still another way would be to add the policies you
want to the user's registry when they logon. You
could put something in the logon script that checks
to see if they are a member of "Restricted Users",
and if so have it add the policies to their registry.
And finally, there are many third-party programs
that help with what you are trying to do. A couple
examples:
Manage-IT: www.99point9.com
WTSProfiles: www.terminal-services.net
Thanks.
-TP
"BarbS" <BarbS@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:3EEF7AF8-3336-452F-B9E9-C9F98E2A6E42@xxxxxxxxxxxxxxxx
>I have users connecting to a stand-alone windows 2003 terminal server. Is
> there anyway to lockdown their sessions (ex. no icons on the desktop) without
> active directory. I want the administrator account to see icons on the
> desktop.
>
> Thank You.
.
- References:
- User Sessions
- From: BarbS
- User Sessions
- Prev by Date: Change User /install question
- Next by Date: Policies
- Previous by thread: User Sessions
- Next by thread: LICENSE SERVER NOT AVAILABLE
- Index(es):
Relevant Pages
|
