RE: lock down Terminal server
- From: qq <qq@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 14 Dec 2009 08:44:01 -0800
Hi Ralph,
Thank you so much for your help. After a few month for working on another
projects, I am return on working the lock down Terminal server project again.
I tried to use your methord to setup. But it would not work. I tried to do a
testing configuration. What I do is following:
1. I created a new OU - TS Lockdown
2. I moved Terminal server to OU-TS Lockdown.
3. I created a new GPO -TS lockdown GPO wicih linked to OU-TS Lockdown. I
setup the following:
a. Computer Configuration\Administrative Templates\System\Group Golicy
Enable: User Group Policy loopback processing mode
I am using Replace mode
b. User Configruation\Administrative Templates\Start Menu & Taskbar
Enable: Remove Run Menu from Start Menu
For my understanding about your email, I thought that when I login from
Administrator, I should see Run from Strat Menu, but when I login from
regular user, the Run should be dispear, I could not see Run.
But, I am wrong, I could not see Run from Start Menu when I login from both
Administrator & regular user.
I want to have a GPO which just restrict regular user to login Termial
server, not Administrator.
Can you let me know how you setup GPO which you are using? Thanks a lot.
"Ralph" wrote:
.
Create a "TS lockdown" OU to place the TS into, rather than the users.
That's how I do it and it has worked fine for years. Admin users will not be
affected by the OU policy that is being applied to the TS, only non-admin
users will be affected and only when they login to computers that reside
within the OU that you create.
"qq" wrote:
Hi, thank you so much for your help.
You means that I should create a OU, then, create a Group Policy for the
OU, then, add the users to the OU. right?
The question is that if I do this, when the user login to anohter computer
or servers except TS, the user will still have the limit access to these
computers, right? I don't want to do it. I would like just limit access TS.
For another computers, I donot want to limit the users access them.
My TS OS is Windows 2003
Any idea? Do you have a step guide for me? thanks a lot.
"Geanina[MSFT]" wrote:
Hi!
You can use a combination of group policies to lock down a server:
gpedit.msc\User Config\Administrative Templates\Desktop, Start Menu etc.
What vesrion of OS are you running? We have other options avaolable with
Windows 2008 - RemoteApp publishing.
Thanks,
Geanina
"qq" wrote:
Hi All,
I have a Terminal server. I have a domain controller in anohter computer. I
setup users as domain users by using Active Directory. For allowing user
access the TS, I setup a group - TS group and setup local computer policy to
allow the group access the computer from the network.
By now, I am using Start program at logon to run an application when I setup
user Properties. So, when user Remote login TS, then, directly start the
application.
Becasue I have install one more applications in TS, and users will use three
applications when they login to TS. I want to lock down everything in TS
except put these three application icons on desktop. So, when users login TS,
just see three application icons on the desktop, and run them.
Can anybody help me out? Thanks a lot.
- Follow-Ups:
- RE: lock down Terminal server
- From: Vera Noest [MVP]
- RE: lock down Terminal server
- Prev by Date: EasyPrinting from WinCE
- Next by Date: Win2008 R2 ts
- Previous by thread: EasyPrinting from WinCE
- Next by thread: RE: lock down Terminal server
- Index(es):
Relevant Pages
|
