user rights

Guest
Archived from groups: microsoft.public.windowsnt.terminalserver.setup

I have just finished installing a Windows Server 2003, configured to become
a Terminal Server. Remote desktop users are able to connect, but I am still
wondering about the best way to limit the users' environment. Should this
machine, since it isn't a domain controller, inherit policies to create a
foolproof desktop, or should the local policy editor be used? I'm anxious to
hear about specific knowledge base info on this, anyone?
 
Guest

Assuming you run AD, I would configure the server by means of Group
Policy Objects.
Put the Terminal Server in a separate OU, and the user accounts and
client computer accounts somewhere else. Create your restrictive
GPO and link it to the OU that contains the TS. Make sure you
configure this GPO with "Loopback processing" and the "Replace"
option.
This ensures that users are restricted when they log on to the TS,
but not when they log on to their workstation.

260370 - How to Apply Group Policy Objects to Terminal Services
Servers
http://support.microsoft.com/?kbid=260370

231287 - Loopback Processing of Group Policy
http://support.microsoft.com/?kbid=231287

816100 - How To Prevent Domain Group Policies from Applying to
Administrator Accounts and Selected Users in Windows Server 2003
http://support.microsoft.com/?kbid=816100

More recommended reading:
Locking Down Windows Server 2003 Terminal Server Sessions
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/terminal/trmlckd.mspx

--
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
http://hem.fyristorg.com/vera/IT
--- please respond in newsgroup, NOT by private email ---

"b.binnenweg" <bobby01@nospamxs4all.nl> wrote on 09 feb 2005 in
microsoft.public.windowsnt.terminalserver.setup:

> I have just finished installing a Windows Server 2003,
> configured to become a Terminal Server. Remote desktop users are
> able to connect, but I am still wondering about the best way to
> limit the users' environment. Should this machine, since it isn't
> a domain controller, inherit policies to create a foolproof
> desktop, or should the local policy editor be used? I'm anxious
> to hear about specific knowledge base info on this, anyone?
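
The loopback behaviour recommended in the reply above, as an added illustration that is not part of the original posts: a simplified model of which GPOs supply user settings at logon in normal, "Merge" and "Replace" mode, including an account filtered out of the lockdown GPO as in KB 816100. The OU names, GPO names, settings and the `ts-admin` account are constructed, and the model assumes a single OU level with no inheritance or blocking.

```python
# Simplified model (added illustration) of which GPOs supply *user* settings at logon.
# Assumptions: one OU level, no inheritance/blocking; all names are constructed.
from dataclasses import dataclass

@dataclass
class GPO:
    name: str
    user_settings: dict
    loopback: str = ""                    # "", "merge" or "replace" (computer-side setting)
    deny_apply: frozenset = frozenset()   # accounts denied "Apply Group Policy"

# Constructed sample directory: OU -> GPOs linked to it.
LINKS = {
    "OU=Staff": [GPO("Staff Desktop", {"NoRun": 0, "Wallpaper": "corp.bmp"})],
    "OU=Workstations": [],
    "OU=TerminalServers": [
        GPO("TS Lockdown", {"NoRun": 1, "NoControlPanel": 1},
            loopback="replace", deny_apply=frozenset({"ts-admin"})),
    ],
}

def effective_user_settings(user, user_ou, computer_ou, links=LINKS):
    """Return the user settings `user` receives on a computer in `computer_ou`."""
    computer_gpos = links[computer_ou]
    # Loopback mode is read from the GPOs that apply to the computer account.
    mode = next((g.loopback for g in computer_gpos if g.loopback), "")
    if mode == "replace":
        ordered = list(computer_gpos)              # user's own GPOs are ignored
    elif mode == "merge":
        ordered = links[user_ou] + computer_gpos   # computer's GPOs applied last and win
    else:
        ordered = list(links[user_ou])             # normal processing
    settings = {}
    for gpo in ordered:
        if user in gpo.deny_apply:                 # security filtering skips this GPO
            continue
        settings.update(gpo.user_settings)
    return settings

if __name__ == "__main__":
    for who, computer in [("alice", "OU=Workstations"),
                          ("alice", "OU=TerminalServers"),
                          ("ts-admin", "OU=TerminalServers")]:
        print(who, computer, effective_user_settings(who, "OU=Staff", computer))
```

In Replace mode the filtered account receives no GPO user settings at all on the terminal server, because its own OU's GPOs are not processed there either.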
 
Guest

Thanks very much. Your reply contains all the information I was looking for,
great.
 
Guest

You're welcome!

--
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
http://hem.fyristorg.com/vera/IT
--- please respond in newsgroup, NOT by private email ---