Re: 2008 Questions
- From: Rob <Rob@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 29 Apr 2008 12:29:01 -0700
I'm not worried about the user profile. I have it locked down to where you
click on teh start button and the only thing that shows is Log Off. I've
disabled the right-click feature. Nobody will be printing. We want the
single share user account because we don't want muliple profiles.
Our users are not tech savvy at all. We want the auto login so no one gets
confused or does anything they shouldn't.
"Vera Noest [MVP]" wrote:
OK, now I understand what you want..
I would strongly advice against using a single shared user account
for multiple users (=persons). You will encounter corruption of the
user profile, irratic changes in settings, printers, etc. Search
this newsgroup for "shared account" and you'll find a variety of
problems caused by such a setup.
And it's not going to give you any advantages either, assuming that
all users already have a personal unique user account in the
domain. You still have to use NTFS permissions and a restrictive
GPO to lock the server down, and that job is no different when
locking down for a single account or all user accounts in a
security group.
Here's a good starting point for locking down a TS:
Locking Down Windows Server 2003 Terminal Server Sessions
http://www.microsoft.com/windowsserver2003/techinfo/overview/lockdo
wn.mspx
324036 - HOW TO: Use Software Restriction Policies in Windows
Server 2003
http://support.microsoft.com/?kbid=324036
and then use:
816100 - How To Prevent Domain Group Policies from Applying to
Administrator Accounts and Selected Users in Windows Server 2003
http://support.microsoft.com/?kbid=816100
to prevent locking down administrators.
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
=?Utf-8?B?Um9i?= <Rob@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote on 29 apr
2008 in microsoft.public.windows.terminal_services:
Let me re-phrase. I want my terminal server locked down so users
can't poke around the server, surf the internet, that kind of
thing. There are 3 different applications that they could run. I
want users to auto login using a specific user name but I want
to be able to remote in as myself for administration.
"Vera Noest [MVP]" wrote:
No. You wrote that you wanted the ".. server locked down so
that only the app can be run".
If your users need to run more than a single application, you
don't define a starting application.
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
=?Utf-8?B?Um9i?= <Rob@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote on 28
apr 2008 in microsoft.public.windows.terminal_services:
Will this prevent the taskbar from showing? There are other
potential apps the users might be using and we want them to
be able to see the taskbar.
"Vera Noest [MVP]" wrote:
Define the application as the starting application in a
Group Policy, configure loopback processing of the GPO, and
then make sure that Administrators are not affected by the
application, by using security filtering.
User Computer Configuration - Administrative templates -
Windows Components - Terminal Services
"Start a program on connection"
Computer Configuration - Administrative Templates - System -
Group Policy
"User Group Policy loopback processing mode" - "Replace"
231287 - Loopback Processing of Group Policy
http://support.microsoft.com/?kbid=231287
816100 - How To Prevent Domain Group Policies from Applying
to Administrator Accounts and Selected Users in Windows
Server 2003 http://support.microsoft.com/?kbid=816100
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
=?Utf-8?B?Um9i?= <Rob@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote on 28
apr 2008 in microsoft.public.windows.terminal_services:
I have a couple of questions:
1. I would like to set up an auto login link for terminal
services. I have an app that I want to run but have the
server locked down so that only the app can be run. I know
I can set it up in TS Configuration but it prevents me
from logging in under my own credentials for admin
purposes. Is there another way I can set it up? I've also
tried saving the credentials in the link but it doesn't
stick. I would love to use RemoteApp but it just isn't
feasible at this time.
2. When logging in with the restricted user, the various
2008 splash screens come up. Is there a way to eliminate
them?
- Follow-Ups:
- Re: 2008 Questions
- From: Vera Noest [MVP]
- Re: 2008 Questions
- References:
- 2008 Questions
- From: Rob
- Re: 2008 Questions
- From: Vera Noest [MVP]
- Re: 2008 Questions
- From: Rob
- Re: 2008 Questions
- From: Vera Noest [MVP]
- Re: 2008 Questions
- From: Rob
- Re: 2008 Questions
- From: Vera Noest [MVP]
- 2008 Questions
- Prev by Date: Re: The user can't log on Terminal server
- Next by Date: Re: 2008 Questions
- Previous by thread: Re: 2008 Questions
- Next by thread: Re: 2008 Questions
- Index(es):
Loading
