RE: Running TS on DC

Just an idea, but create a GPO that will apply to the server:

User Configuration - Windows Settings - Internet Explorer Maintenance -
Security - Security Zones and Content Ratings

You can make adjustments to what is allowed for Internet Zones on Custom
Levels for what is allowed and what is not, it will also allow you to add
entries to Trusted Zones, etc. Look through all of those settings and you
can force the same settings to all that logs into it. I had to add our banks
cash management web app to this GPO to apply to all users logged in and it
works great.

Must make sure Internet Explorer Enhanced Security Configuration is
uninstalled or the settings will not be applied.


"mouse" wrote:

We have a DC that is running terminal services on it. It has to be this way
as the client cant afford two machines to split the roll. we have
implemented loop back policy (ts-computer) and user policy (ts-user) in
group policy management to lock the users down with great effect.

we have made changes to the secpol.msc "allow login through terminal
services" to enable user account to login to the Dc/terminal server.

Everything works well on this server when logging in as a user (ms office,
accounting software, lob app, printing etc) except for IE 7.x which refuses
to run javascript (bank site pop up windows for example) when logged in as
administrator, there are no issues with IE 7.

we have disaabled the custom gpo's so that they dont interfere with the
default user rights and this has no effect. we also created a new OU (under
the domain OU) and this also had no effect.

we have spent ages modifying gpo settings for IE (lowering all the security
settings. basically enable to everything to the point where IE says its not
safe...) and it makes no difference.

is the issue likly to be the propogation of the DC gpo to our cutom gpo's/OU
?

whats the best way to approach running ts on a single server for a whole
office and still be able to lock the users down so they dont vandalise the
system with out the expence of a second server to be the DC.

charles.







.

Relevant Pages

  • RE: IE Security Group Policy
    ... username and password to access the Companyweb and the GPO did not apply on ... In the Security filtering of the GPO, please select the user account or ... Step 2: Check the IIS settings on the SBS Server: ...
    (microsoft.public.windows.server.sbs)
  • Re: Problem with NT4 domain trusting W2003 domain
    ... | implemented the settings you suggested in the "default domain controller ... | GPO" and not in the local GPO, and verified with GPMC that they are ... |> suspect there are some settings in security options caused this problem, ...
    (microsoft.public.windows.server.migration)
  • Re: GPO Update Problem (SYSVOL access via UNC)
    ... Server Security and Auditing Policy ... This list only includes links in the domain of the GPO. ... The settings in this GPO can only apply to the following groups, users, ...
    (microsoft.public.win2000.group_policy)
  • Re: GPO Update Problem (SYSVOL access via UNC)
    ... > Server Security and Auditing Policy ... > This list only includes links in the domain of the GPO. ... > The settings in this GPO can only apply to the following groups, users, ...
    (microsoft.public.win2000.group_policy)
  • Re: Getting desperate: GPO applying incorrectly, PLEASE HELP ME!!
    ... all the settings for lockdown in it. ... I think you are on to something with the linking of the GPO. ... > OU to which the loopback GPO is linked, ... > OU you placed the TS server, and you set loopback on in replace ...
    (microsoft.public.windows.group_policy)
Loading