Group Policy
I have a Windows 2000 Server running Terminal Services. When people log into the Terminal Server, I want a very restricted Policy which only allows them to run the programs I put on their start menu and doesnt allow them to make changes to their desktop etc etc.
I have done this using a Group Policy which is fine.
Unfortunately when the users log into their Windows 2000 Professional Desktop's they also get the same restricted policy. I want them to get full control of their own machines.
How can I disable Group Policies on their local machine?
I have done this using a Group Policy which is fine.
Unfortunately when the users log into their Windows 2000 Professional Desktop's they also get the same restricted policy. I want them to get full control of their own machines.
How can I disable Group Policies on their local machine?
create an OU called TS (or whatever you want) and move all your terminal servers into it. Link a group policy to this OU.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
matt023,
The users us the same logon to the Terminal Server as they do for their local logon
The users us the same logon to the Terminal Server as they do for their local logon
-Have the policy apply only machine & not user settings to an OU, move the terminal server to the OU. (No Override)
-Move the users PC's & or accounts to a different OU, & apply the other policy settings you need.
-Move the users PC's & or accounts to a different OU, & apply the other policy settings you need.
ASKER
What I ended up doing is creating an unrestricted Group Policy (with the Loopback enabled) and applying this to the WIndows 2000 Professional Computer Accounts. The restricted Group Policies are applied normally to the Users.
The following is on the MS web site
Group Policy applies to the user or computer in a manner that depends on where both the user and the computer objects are located in Active Directory. However, in some cases, users may need policy applied to them based on the location of the computer object alone. You can use the Group Policy loopback feature to apply Group Policy Objects (GPOs) that depend only on which computer the user logs on to.
From what I read above, I should be able to have one group policy for a Workstation/User and another for Terminal Server/User, but I am not sure of whether I am correct or not.
The following is on the MS web site
Group Policy applies to the user or computer in a manner that depends on where both the user and the computer objects are located in Active Directory. However, in some cases, users may need policy applied to them based on the location of the computer object alone. You can use the Group Policy loopback feature to apply Group Policy Objects (GPOs) that depend only on which computer the user logs on to.
From what I read above, I should be able to have one group policy for a Workstation/User and another for Terminal Server/User, but I am not sure of whether I am correct or not.