Applying GP to Users in a Terminal Server

Archived from groups: microsoft.public.win2000.group_policy (More info?)

I have a user that has created a group in Active Directory. There is
an application on a terminal server that he wants the people in this
group to have access to this app and nothing else. Is there anything
special I need to do to implement this in a Terminal Server
enviornment? My plan is, and correct me if it's wrong (which is why
I'm posting here) to open gpedit on the Terminal Server, and go from
there. I want to know how to assign the rights to this specific group.


Thanks
2 answers Last reply
More about applying users terminal server
  1. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    Gpedit.msc will apply to ALL users that logon to that computer unless there is
    an overriding GPO at the domain/OU level for the same defined settings. You
    might want to consider putting those users in an OU with a GPO having user
    configuration defined for those users. Then for instance you can configure the
    allowed Windows application to contain only that application [user
    configuration/administrative templates/system] . However those users would have
    the same restrictions on any computer they logon to if they logon to other
    domain computers with the same domain accounts. --- Steve


    "Bob Feller" <lifestar6664@hotmail.com> wrote in message
    news:41m9i01egk6lgp0lnheb6qajosc9m05qdd@4ax.com...
    > I have a user that has created a group in Active Directory. There is
    > an application on a terminal server that he wants the people in this
    > group to have access to this app and nothing else. Is there anything
    > special I need to do to implement this in a Terminal Server
    > enviornment? My plan is, and correct me if it's wrong (which is why
    > I'm posting here) to open gpedit on the Terminal Server, and go from
    > there. I want to know how to assign the rights to this specific group.
    >
    >
    > Thanks
  2. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    Also, the Computer Configuration, Administrative Templates, System, Group
    Policy, "User Group Policy loopback processing mode" is useful for Terminal
    Servers.

    If this setting is enabled in a GPO that is linked to the OU containing the
    Terminal Server computer and there is a GPO with User Configuration settings
    in it linked to the OU containing the Terminal Server computer, the Group
    Policy mechanism will also apply those User Configuration settings when the
    user logs on to one of the computers in that OU.

    This allows you to have different User Configuration settings for different
    sets of computers (e.g. Terminal Servers in one set, workstations in
    another). See
    http://support.microsoft.com/default.aspx?scid=kb;en-us;260370 (also applies
    to Terminal Services on Windows 2003 Server).

    --
    Bruce Sanderson MVP

    It is perfectly useless to know the right answer to the wrong question.


    "Steven Umbach" <n9rou@n0spam-comcast.net> wrote in message
    news:n2zVc.10923$9d6.9277@attbi_s54...
    > Gpedit.msc will apply to ALL users that logon to that computer unless
    > there is
    > an overriding GPO at the domain/OU level for the same defined settings.
    > You
    > might want to consider putting those users in an OU with a GPO having user
    > configuration defined for those users. Then for instance you can configure
    > the
    > allowed Windows application to contain only that application [user
    > configuration/administrative templates/system] . However those users would
    > have
    > the same restrictions on any computer they logon to if they logon to other
    > domain computers with the same domain accounts. --- Steve
    >
    >
    > "Bob Feller" <lifestar6664@hotmail.com> wrote in message
    > news:41m9i01egk6lgp0lnheb6qajosc9m05qdd@4ax.com...
    >> I have a user that has created a group in Active Directory. There is
    >> an application on a terminal server that he wants the people in this
    >> group to have access to this app and nothing else. Is there anything
    >> special I need to do to implement this in a Terminal Server
    >> enviornment? My plan is, and correct me if it's wrong (which is why
    >> I'm posting here) to open gpedit on the Terminal Server, and go from
    >> there. I want to know how to assign the rights to this specific group.
    >>
    >>
    >> Thanks
    >
    >
Ask a new question

Read More

Microsoft Terminal Server Active Directory Windows