Archived from groups: microsoft.public.windowsnt.terminalserver.setup (
More info?)
Graag gedaan!
--
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
http://hem.fyristorg.com/vera/IT
--- please respond in newsgroup, NOT by private email ---
"b.binnenweg" <bobby01@nospamxs4all.nl> wrote on 09 feb 2005 in
microsoft.public.windowsnt.terminalserver.setup:
> Thanks very much. Your reply contains all the information I was
> looking for, great.
>
> "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se>
> schreef in bericht
> news:Xns95F8EA2BE31DBveranoesthemutforsse@207.46.248.16...
>> Assuming you run AD, I would configure the server by means of
>> Group Policy Objects.
>> Put the Terminal Server in a separate OU, and the user accounts
>> and client computer accounts somewhere else. Create your
>> restrictive GPO and link it to the OU that contains the TS.
>> Make sure you configure this GPO with "Loopback processing" and
>> the "Replace" option.
>> This ensures that users are restricted when they logon to the
>> TS, but not when they logon to their workstation.
>>
>> 260370 - How to Apply Group Policy Objects to Terminal Services
>> Servers
>>
http://support.microsoft.com/?kbid=260370
>>
>> 231287 - Loopback Processing of Group Policy
>>
http://support.microsoft.com/?kbid=231287
>>
>> 816100 - How To Prevent Domain Group Policies from Applying to
>> Administrator Accounts and Selected Users in Windows Server
>> 2003
http://support.microsoft.com/?kbid=816100
>>
>> More recommended reading:
>> Locking Down Windows Server 2003 Terminal Server Sessions
>>
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/t
>> ech nologies/terminal/trmlckd.mspx
>>
>> --
>> Vera Noest
>> MCSE, CCEA, Microsoft MVP - Terminal Server
>>
http://hem.fyristorg.com/vera/IT
>> --- please respond in newsgroup, NOT by private email ---
>>
>> "b.binnenweg" <bobby01@nospamxs4all.nl> wrote on 09 feb 2005 in
>> microsoft.public.windowsnt.terminalserver.setup:
>>
>>> I have just finished installing a windows server 2003,
>>> configured to become a Terminal Server. Remote desktop users
>>> are able to connect, but i am still wondering about the best
>>> way to limit the users environment. Should this machine, since
>>> it isn't a domain controller inherit policies to create a
>>> foolproof desktop or should the local policy editor be used?
>>> I'm anxious to hear about specific knowledge base info on
>>> this, anyone?