Re: Applying GP to terminal server sessions

Actually its not for normal users.

I have a policy that anyone who is a member of the domain admins group
(restricted to 4 people plus service accounts) will have a policy applied to
them that causes the password screen saver to come up after 4 minutes. This
is to prevent someone from coming behind us if we are working on several
machines. Now for the actual desktop i am working from, this is actually
preferable. But for those of us system admins on 5 or 6 terminal server
(remote admin actually) sessions, having those session lock, too, is quite
annoying.

So i am trying to develop a way to have policy apply only to real direct
connections and not to the myriad terminal server sessions i use on a day to
day basis.

"Jeff Pitsch" wrote:

Exactly how many users do you have connecting through the console to
your servers? Why would normal users be connecting at the console at all?

Jeff Pitsch
Microsoft MVP - Terminal Server
Citrix Technology Professional
Provision Networks VIP

Forums not enough?
Get support from the experts at your business
http://jeffpitschconsulting.com

Daren Daigle wrote:
Yes, i already do that for my main line terminal servers. But you miss the
point.

If you apply a policy that way, then you apply it to the server despite the
method of connection to it. IE, using some discriminator such as a WMI
filter or something or a transient group security object or something to make
the determining factor for whether a policy is applied.

In simplistic terms, there must be a way to determine you are IN a terminal
server session when group policies start applying to the user.

"Daren Daigle" wrote:

Ok, i know how to apply group policies to terminal servers. What i am trying
to do, is to apply a policy that affects people in a terminal server session.

IE, a server is in remote admin mode, not application mode.

i have a policy i want to apply to that server if i am logged on at the
console. But if i am logged on to a terminal server session i do not want it
to apply.

one good example of this, is a logon screen saver. To turn it off in a
session but not on the console.

Anyone have any ideas on how to accomplish this?

.

Relevant Pages

  • Re: Applying GP to terminal server sessions
    ... i have a policy i want to apply to that server if i am logged on at the console. ... But if i am logged on to a terminal server session i do not want it to apply. ... If Policy is only intended for a dedicated user group you should create a security group and assign the GPO under the Security Settings. ...
    (microsoft.public.windows.terminal_services)
  • Re: Problem logging onto TS via RWW
    ... locally" and "Allow log on through Terminal Services" on the local Security ... Policy on the terminal server box as I requested in my previous post. ... Remote Desktop Users Group. ...
    (microsoft.public.windows.server.sbs)
  • Re: Getting desperate: GPO applying incorrectly, PLEASE HELP ME!!
    ... OU to which the loopback GPO is linked, ... So, you have a new OU and a new GPO linked to it, and in this ... is in the computer tree of policy settings. ... > the terminal server as the only thing in it, then set up a new restricted ...
    (microsoft.public.windows.group_policy)
  • Re: Securing Microsoft Windows 2000 Terminal Services with Terminal S ervices Advanced Client (TSAC)
    ... you can implement a local machine policy ... Remove the main admin account from the Users group ... that only allows certain people to logon locally to the Terminal Server, ...
    (Focus-Microsoft)
  • RE: Group Policy Local drives
    ... The terminal server ... Create a security group called "WorkstationUsers". ... policy only applies to users in the "WorkstationUsers" security group. ... to be able to use their local disk drives. ...
    (microsoft.public.windows.server.active_directory)