Re: terminal server access on a domain controller
- From: John Bowden <JohnBowden@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 18 Jun 2007 15:21:00 -0700
I was too quick in saying that this worked. It's working, but now when I log
this user in to their office desktop, I have the same restrictions - one of
them being that they can't access their local drives.
"John Bowden" wrote:
Thanks for the information. That worked.
"Vera Noest [MVP]" wrote:
Disclaimer: I haven't tested this on a DC.
The mechanism to solve this problem is called "loopback
processing" of the GPO.
You'll find it here in your GP editor:
Computer Configuration - Administrative Templates - System -
Group Policy
"User Group Policy loopback processing mode" - "Replace"
231287 - Loopback Processing of Group Policy
http://support.microsoft.com/?kbid=231287
Note that using the policy setting to hide the local drives is just
a cosmetic thing. It does *not* provide any security and it does
*not* lock your users out of the local drives. They will still show
up in nearly every program's "Save as.." or "File Open.." dialog, as
well as from a command window.
So be sure that you check your NTFS permissions on the file system,
and whatever you do, do not give these users elevated user rights.
And besides the CALs, you will need TS CALs as well.
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
John Bowden <JohnBowden@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote on 18 jun 2007 in
microsoft.public.windows.terminal_services:
I have a site that has purchased one server. We have since
discovered that we need a few of the users to access the server
remotely using RDP through terminal services. Now I know that
it's not a good idea to run terminal services on a domain
controller but for now, it needs to be done until they can
afford another server. The server is running 2003 standard
server and has 5 user cals installed.
I would like to set up two users that need remote access to
allow them to use their computers in the office and when they
are out of the office, they need remote access. I have set up
the GPO for terminal services and it works fine when they are
out but unfortunately, it locks them out of their local computer
when they are in the office. Things such as not being able to
access their local drive because I've restricted them from
accessing the server local drives are some of the problems.
I've put the GPO in the domain controller list but the user
settings are what I need to figure out how to enable ONLY when
they log in remotely. I don't know how I can do this.
Can anyone help out?
Thanks
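Added example (not part of the original thread): a PowerShell check, run locally on the terminal server, that reports the loopback mode stored in the policy registry key and lists ACEs on a folder that grant write-type access to broad groups, in line with the advice above to verify NTFS permissions rather than rely on hidden drives. It assumes PowerShell is installed on the server; the function names, the `C:\` path and the choice of SIDs are illustrative assumptions.

```powershell
# Added example; function names are hypothetical. Run elevated on the server.

function Get-LoopbackMode {
    # "User Group Policy loopback processing mode" is stored as
    # UserPolicyMode under this key: 1 = Merge, 2 = Replace.
    $key  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System'
    $item = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    $mode = $item.UserPolicyMode
    if ($mode -eq 1) { 'Merge' } elseif ($mode -eq 2) { 'Replace' } else { 'Not configured' }
}

function Get-BroadWriteAce {
    param([string[]]$Path)

    # Well-known SIDs: Everyone, Authenticated Users, BUILTIN\Users.
    # Assumption: these are the broad groups worth flagging; extend as needed.
    $broadSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'

    # Rights that let a user create, change or delete data or permissions,
    # plus the raw GENERIC_WRITE and GENERIC_ALL bits that can appear in ACEs.
    $flags = 'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ' +
             'ChangePermissions, TakeOwnership'
    $writeMask = [int][System.Security.AccessControl.FileSystemRights]$flags
    $writeMask = $writeMask -bor 0x40000000 -bor 0x10000000

    $sidType = [System.Security.Principal.SecurityIdentifier]
    foreach ($p in $Path) {
        $acl = Get-Acl -Path $p
        # Explicit and inherited rules, with identities returned as SIDs.
        foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if ($broadSids -notcontains $ace.IdentityReference.Value) { continue }
            if (([int]$ace.FileSystemRights -band $writeMask) -eq 0) { continue }
            $ace | Select-Object @{ n = 'Path'; e = { $p } },
                IdentityReference, FileSystemRights, InheritanceFlags, IsInherited
        }
    }
}

"Loopback mode on this machine: $(Get-LoopbackMode)"
# C:\ is an example path; pass every drive root and data folder on the server.
Get-BroadWriteAce -Path 'C:\' | Format-Table -AutoSize
```

Any row returned is a location where an ordinary remote user can write regardless of whether the drive is hidden in Explorer.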