Re: Multiple Applications on TS

From: "Vera Noest [MVP]" <vera.noest@xxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Thu, 04 Aug 2005 13:34:40 -0700

Why on earth would you want to maintain local accounts, as well as
domain accounts?
Users will hate it, because their 2 accounts are not synchronized
regarding settings and passwords, and you are giving yourself a lot
of extra work. And where are you going to store their home folders,
if they have local accounts? *Not* on the Terminal Server, I hope!

Unless you have a very good reason for this setup, I recommend very
strongly against it.

I've no experience with local accounts, so I can't really advice
you on this. But it doesn't surprise me that it doesn't work if you
logon with a local account. Local users will not even have
permission to *read* the GPO. Look at the Security Filtering of the
GPO, it will have a line saying "Authenticated Users".

_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___

"=?Utf-8?B?ZGNhc3RlbGlubw==?="
<dcastelino@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote on 04 aug 2005 in
microsoft.public.windows.terminal_services:

> when i login as a test user on the domain,the group policy is in
> effect but when I try to login with the same test user(this is
> created locally on the Terminal Server) on the terminal
> server,the group policy is not in effect.Is group policy meant
> only for domain logins and not for local logins?I have already
> moved the TS Computer account in the OU where I applied the
> Group Policy but the local logins GP doesnt seem to work.I think
> I am missing something here.
>
> I would like my TS users to logon to the TS server and not to
> the domain.Any Suggestions..
>
> Thanks in advance
> DC
>
> "Vera Noest [MVP]" wrote:
>
>> No, you don't ask to much, this is a standard customization on
>> a Terminal Server.
>> Did you apply loopback processing of the GPO?
>>
>> I expect that you will get your custom desktop with the 2
>> shortcuts after applying loopback processing.
>> When you have achieved that, the next step will be to further
>> customize all settings with a test account, and then save the
>> user profile of the test account as the Default User profile on
>> the Terminal Server. That will ensure that all of your users
>> pick up a copy of the customized Default User profile as their
>> base profile when they connect for the first time.
>> So it's important that you *don't* let your users get access to
>> the TS before you are completely satisfied with all users
>> settings.
>>
>> _________________________________________________________
>> Vera Noest
>> MCSE, CCEA, Microsoft MVP - Terminal Server
>> TS troubleshooting: http://ts.veranoest.net
>> ___ please respond in newsgroup, NOT by private email ___
>>
>> "=?Utf-8?B?ZGNhc3RlbGlubw==?="
>> <dcastelino@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote on 03 aug 2005 in
>> microsoft.public.windows.terminal_services:
>>
>> > I creaetd a shared folder called desktop in the c drive of
>> > teh Terminal Server and copied the two shortcuts.Also created
>> > an OU called Terminal Services and moved the test TS Server
>> > in this OU.Ceated a Group Policy for Folder Redirection on
>> > Desktop pointing to this folder (desktop).When I log on to
>> > the Terminal Server, I dont see those two shortcuts. I see
>> > the default profile. I want my users to see only the 2
>> > shortcuts and nothing else (like My Computer,My Network
>> > Places,Recycle Bin,Internet Explorer or My Documents).Is that
>> > possible with Folder Redirction Group Policy or am I asking
>> > too much.I ran GPupdate but in vain.I dont see those two
>> > shortcuts which I copied onto the custom folder.Please help
>> >
>> > Thanks in advance
>> > DC
>> >
>> > "Vera Noest [MVP]" wrote:
>> >
>> >> If you want to deploy more than one application, you have to
>> >> let users logon to the desktop.
>> >>
>> >> But you can, and should, restrict what users can do on the
>> >> desktop of the server. An important step is to use a Group
>> >> Policy to redirect the Desktop folder to a custom desktop
>> >> folder. In this custom desktop folder, you put only those 2
>> >> shortcuts, and make the folder Read-Only.
>> >>
>> >> User Configuration - Windows Settings - Folder Redirection
>> >> Application Data
>> >> Desktop
>> >> My Documents
>> >> Start Menu
>> >>
>> >> 260370 - How to Apply Group Policy Objects to Terminal
>> >> Services Servers
>> >> http://support.microsoft.com/?kbid=260370
>> >>
>> >> 231287 - Loopback Processing of Group Policy
>> >> http://support.microsoft.com/?kbid=231287
>> >> _________________________________________________________
>> >> Vera Noest
>> >> MCSE, CCEA, Microsoft MVP - Terminal Server
>> >> TS troubleshooting: http://ts.veranoest.net
>> >> ___ please respond in newsgroup, NOT by private email ___
>> >>
>> >> "=?Utf-8?B?ZGNhc3RlbGlubw==?="
>> >> <dcastelino@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote on 02 aug 2005
>> >> in microsoft.public.windows.terminal_services:
>> >>
>> >> > Is it possible to have more than one application running
>> >> > on TS.For example,the current TS Installation is set to
>> >> > have users access one application (set in environment of
>> >> > the TS User).I am looking at like ...when a user logs in
>> >> > at the TS,he/she should see only the shortcuts of those
>> >> > applications and not the entire desktop..only those two
>> >> > shortcuts so that he/she can access those applications
>> >> > whenever the user wants.Forgive me if its a silly one,I am
>> >> > a newbie in TS. Thanks in advance.
.

Follow-Ups:
- Re: Multiple Applications on TS
  - From: dcastelino

References:
- Multiple Applications on TS
  - From: dcastelino
- Re: Multiple Applications on TS
  - From: Vera Noest [MVP]
- Re: Multiple Applications on TS
  - From: dcastelino
- Re: Multiple Applications on TS
  - From: Vera Noest [MVP]
- Re: Multiple Applications on TS
  - From: dcastelino

Prev by Date: Re: TS License server- continuing headache
Next by Date: Re: TS CAL Monitoring and Alerting
Previous by thread: Re: Multiple Applications on TS
Next by thread: Re: Multiple Applications on TS
Index(es):
- Date
- Thread

Relevant Pages

RE: Question regarding TS on a member server
... Please take a look at Group Policy to see if it permits the three user ... account to logon through Terminal Service. ... I have user accounts set up on the DC, ... | Yet when I log on remotely to the terminal server, ...
(microsoft.public.windows.terminal_services)
Question on using Groups for TS
... terminal server and have drop that terminal server into a secure OU. ... applied a group policy to that OU which consist of Computer and User ... I need to allow all these accounts to have access to the TS ... I have created a global group within my secure TS OU called "SecureTSUSers" ...
(microsoft.public.windows.terminal_services)
Working with Groups within TS
... terminal server and have drop that terminal server into a secure OU. ... applied a group policy to that OU which consist of Computer and User ... I need to allow all these accounts to have access to the TS ... I have created a global group within my secure TS OU called "SecureTSUSers" ...
(microsoft.public.windows.group_policy)
Working with Account, Groups and Group Policys?
... terminal server and have drop that terminal server into a secure OU. ... applied a group policy to that OU which consist of Computer and User ... I need to allow all these accounts to have access to the TS ... I have created a global group within my secure TS OU called "SecureTSUSers" ...
(microsoft.public.windows.server.general)
Re: Password "security" - was"Passwords with Lan Manager (LM) under Windows" and
... using local accounts, one could easily boot to an alt OS and replace the SAM ... since the local admin owns the EFS ... > Regarding laptop security, you're in the same boat as the rest of us. ...
(Pen-Test)