I have configured a Windows 2000 Server and joined it to an existing Windows NT Domain, hence Active Directory has not been setup. I have configured terminal server in application mode (without licence server) in order to try out this feature. I successfully connect using a client but I would like to restrict access for this user as he is able to use internet explorer, and any other apps on the server running TS. I have looked into Domain Group Policies but this is not running Active Directory and I do not want the changes to affect the users local machine only his TS session. With local server policies the changes applied affect the Administrator aswell as the users. Any information would be grately appreciated.