Solved

Windows 2003 - Remote Desktop - How to lock down?

Posted on 2003-11-13
6
836 Views
Last Modified: 2013-11-21
What I have is a bunch of users that are essentially using Windows 2003 Terminal Services (Remote Desktop) sessions as "Dumb Terminals". I put 4 Icons on the desktop and that's all I want them to have access to. I don't want them to have the ability to shut down the session. I don't want them to be able to add shortcuts, explore by right clicking on the start button, etc.

Any ideas on how I can lock them down? Do I need to be set up in an Active Directory environment to be able to use group policies? Right now I'm set up as a standalone server.

Thanks

Josh
0
Comment
Question by:JoshFink
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 67

Expert Comment

by:sirbounty
ID: 9741606
Not sure if it'll accomplish everything you're looking for, but explore gpedit.msc (from Start->Run)
I think you may have a problem with preventing them from shutting down the session - unless I'm not understanding you there. . .
0
 

Author Comment

by:JoshFink
ID: 9741613
Well, I looked at gpedit.msc , but the things in there tend to apply to all users and I want to limit certain groups..  

Thanks though

Josh
0
 
LVL 11

Expert Comment

by:adonis1976
ID: 9741924
to accomplish whatever you need, you will have to have the Active directory. Once the active directory is done, you can create an OU for the users you want to limit and then apply the GPO(group policy) to that OU.
0
Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

 

Author Comment

by:JoshFink
ID: 9742686
That's what I was thinking.. Off to try it.
0
 
LVL 57

Accepted Solution

by:
Pete Long earned 250 total points
ID: 9764018
:0) Heres some pointers

Windows Domain Group Policy

Configuring Account Policies in Active Directory

http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/q255/5/50.asp&NoWebContent=1


Troubleshooting

1. Ensure You have created a Domain Security policy, and not a local policy on a domain controller.

2. Ensure The group policy is applied  either to the Root of AD or the OU where the users/machines reside.

3. Right click either the policy or the level at which the policy was applied and select the security tab. Ensure "Apply Group Policy" is ticked.

4. Press Start > Run > SECEDIT /REFRESHPOLICY MACHINE_POLICY /ENFORCE

5. Press Start > Run > SECEDIT /REFRESHPOLICY USER_POLICY /ENFORCE

6. Are Your Users seeing these Error Messages....

   Your account has been disabled. Please see your system administrator.

   OR

   Unable to log you on because your account has been locked out, please contact your    administrator.

   If so see http://support.microsoft.com/default.aspx?scid=kb;en-us;279227

7. Account Lockout Problems see http://support.microsoft.com/default.aspx?scid=kb;en-us;274372

8. Machine Account Lockout Problems see http://support.microsoft.com/default.aspx?scid=kb;en-us;260930
http://support.microsoft.com/default.aspx?scid=kb;en-us;817701

9. Policy not being enforced Try http://support.microsoft.com/default.aspx?scid=kb;en-us;254174

10. Account Locking for no reason see
http://support.microsoft.com/default.aspx?scid=kb;en-us;328862

11. Policy not applying to users try
http://support.microsoft.com/default.aspx?scid=kb;EN-US;263693

12. You are only allowed one Domain Security Policy! see
http://support.microsoft.com/default.aspx?scid=kb;en-us;255550

13. Still no Joy! Try the official Microsoft Troubleshooting guide http://www.microsoft.com/windows2000/techinfo/howitworks/management/gptshoot.asp
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 10625934
ThanQ
0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Just about everyone has an old PC laying around.  Ask anyone in the IT industry, whether they are a professional or play in it as a hobby.  From outdated Desktops to cheap "throwaway" laptops, they are all around and not as hard to "fix up" as you m…
Many people tend to confuse the function of a virus with the one of adware, this misunderstanding of the basic of what each software is and how it operates causes users and organizations to take the wrong security measures that would protect them ag…
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.

632 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question