user rights

Archived from groups: microsoft.public.windowsnt.terminalserver.setup (More info?)

I have just finished installing a windows server 2003, configured to become
a Terminal Server. Remote desktop users are able to connect, but i am still
wondering about the best way to limit the users environment. Should this
machine, since it isn't a domain controller inherit policies to create a
foolproof desktop or should the local policy editor be used? I'm anxious to
hear about specific knowledge base info on this, anyone?
3 answers Last reply
More about user rights
  1. Archived from groups: microsoft.public.windowsnt.terminalserver.setup (More info?)

    Assuming you run AD, I would configure the server by means of Group
    Policy Objects.
    Put the Terminal Server in a separate OU, and the user accounts and
    client computer accounts somewhere else. Create your restrictive
    GPO and link it to the OU that contains the TS. Make sure you
    configure this GPO with "Loopback processing" and the "Replace"
    option.
    This ensures that users are restricted when they logon to the TS,
    but not when they logon to their workstation.

    260370 - How to Apply Group Policy Objects to Terminal Services
    Servers
    http://support.microsoft.com/?kbid=260370

    231287 - Loopback Processing of Group Policy
    http://support.microsoft.com/?kbid=231287

    816100 - How To Prevent Domain Group Policies from Applying to
    Administrator Accounts and Selected Users in Windows Server 2003
    http://support.microsoft.com/?kbid=816100

    More recommended reading:
    Locking Down Windows Server 2003 Terminal Server Sessions
    http://www.microsoft.com/technet/prodtechnol/windowsserver2003/tech
    nologies/terminal/trmlckd.mspx

    --
    Vera Noest
    MCSE, CCEA, Microsoft MVP - Terminal Server
    http://hem.fyristorg.com/vera/IT
    --- please respond in newsgroup, NOT by private email ---

    "b.binnenweg" <bobby01@nospamxs4all.nl> wrote on 09 feb 2005 in
    microsoft.public.windowsnt.terminalserver.setup:

    > I have just finished installing a windows server 2003,
    > configured to become a Terminal Server. Remote desktop users are
    > able to connect, but i am still wondering about the best way to
    > limit the users environment. Should this machine, since it isn't
    > a domain controller inherit policies to create a foolproof
    > desktop or should the local policy editor be used? I'm anxious
    > to hear about specific knowledge base info on this, anyone?
  2. Archived from groups: microsoft.public.windowsnt.terminalserver.setup (More info?)

    Thanks very much. Your reply contains all the information I was looking for,
    great.

    "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se> schreef in bericht
    news:Xns95F8EA2BE31DBveranoesthemutforsse@207.46.248.16...
    > Assuming you run AD, I would configure the server by means of Group
    > Policy Objects.
    > Put the Terminal Server in a separate OU, and the user accounts and
    > client computer accounts somewhere else. Create your restrictive
    > GPO and link it to the OU that contains the TS. Make sure you
    > configure this GPO with "Loopback processing" and the "Replace"
    > option.
    > This ensures that users are restricted when they logon to the TS,
    > but not when they logon to their workstation.
    >
    > 260370 - How to Apply Group Policy Objects to Terminal Services
    > Servers
    > http://support.microsoft.com/?kbid=260370
    >
    > 231287 - Loopback Processing of Group Policy
    > http://support.microsoft.com/?kbid=231287
    >
    > 816100 - How To Prevent Domain Group Policies from Applying to
    > Administrator Accounts and Selected Users in Windows Server 2003
    > http://support.microsoft.com/?kbid=816100
    >
    > More recommended reading:
    > Locking Down Windows Server 2003 Terminal Server Sessions
    > http://www.microsoft.com/technet/prodtechnol/windowsserver2003/tech
    > nologies/terminal/trmlckd.mspx
    >
    > --
    > Vera Noest
    > MCSE, CCEA, Microsoft MVP - Terminal Server
    > http://hem.fyristorg.com/vera/IT
    > --- please respond in newsgroup, NOT by private email ---
    >
    > "b.binnenweg" <bobby01@nospamxs4all.nl> wrote on 09 feb 2005 in
    > microsoft.public.windowsnt.terminalserver.setup:
    >
    >> I have just finished installing a windows server 2003,
    >> configured to become a Terminal Server. Remote desktop users are
    >> able to connect, but i am still wondering about the best way to
    >> limit the users environment. Should this machine, since it isn't
    >> a domain controller inherit policies to create a foolproof
    >> desktop or should the local policy editor be used? I'm anxious
    >> to hear about specific knowledge base info on this, anyone?
    >
  3. Archived from groups: microsoft.public.windowsnt.terminalserver.setup (More info?)

    Graag gedaan!

    --
    Vera Noest
    MCSE, CCEA, Microsoft MVP - Terminal Server
    http://hem.fyristorg.com/vera/IT
    --- please respond in newsgroup, NOT by private email ---

    "b.binnenweg" <bobby01@nospamxs4all.nl> wrote on 09 feb 2005 in
    microsoft.public.windowsnt.terminalserver.setup:

    > Thanks very much. Your reply contains all the information I was
    > looking for, great.
    >
    > "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se>
    > schreef in bericht
    > news:Xns95F8EA2BE31DBveranoesthemutforsse@207.46.248.16...
    >> Assuming you run AD, I would configure the server by means of
    >> Group Policy Objects.
    >> Put the Terminal Server in a separate OU, and the user accounts
    >> and client computer accounts somewhere else. Create your
    >> restrictive GPO and link it to the OU that contains the TS.
    >> Make sure you configure this GPO with "Loopback processing" and
    >> the "Replace" option.
    >> This ensures that users are restricted when they logon to the
    >> TS, but not when they logon to their workstation.
    >>
    >> 260370 - How to Apply Group Policy Objects to Terminal Services
    >> Servers
    >> http://support.microsoft.com/?kbid=260370
    >>
    >> 231287 - Loopback Processing of Group Policy
    >> http://support.microsoft.com/?kbid=231287
    >>
    >> 816100 - How To Prevent Domain Group Policies from Applying to
    >> Administrator Accounts and Selected Users in Windows Server
    >> 2003 http://support.microsoft.com/?kbid=816100
    >>
    >> More recommended reading:
    >> Locking Down Windows Server 2003 Terminal Server Sessions
    >> http://www.microsoft.com/technet/prodtechnol/windowsserver2003/t
    >> ech nologies/terminal/trmlckd.mspx
    >>
    >> --
    >> Vera Noest
    >> MCSE, CCEA, Microsoft MVP - Terminal Server
    >> http://hem.fyristorg.com/vera/IT
    >> --- please respond in newsgroup, NOT by private email ---
    >>
    >> "b.binnenweg" <bobby01@nospamxs4all.nl> wrote on 09 feb 2005 in
    >> microsoft.public.windowsnt.terminalserver.setup:
    >>
    >>> I have just finished installing a windows server 2003,
    >>> configured to become a Terminal Server. Remote desktop users
    >>> are able to connect, but i am still wondering about the best
    >>> way to limit the users environment. Should this machine, since
    >>> it isn't a domain controller inherit policies to create a
    >>> foolproof desktop or should the local policy editor be used?
    >>> I'm anxious to hear about specific knowledge base info on
    >>> this, anyone?
Ask a new question

Read More

Windows Server 2003 Windows