• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 847
  • Last Modified:

Windows 2003 - Remote Desktop - How to lock down?

What I have is a bunch of users that are essentially using Windows 2003 Terminal Services (Remote Desktop) sessions as "Dumb Terminals". I put 4 Icons on the desktop and that's all I want them to have access to. I don't want them to have the ability to shut down the session. I don't want them to be able to add shortcuts, explore by right clicking on the start button, etc.

Any ideas on how I can lock them down? Do I need to be set up in an Active Directory environment to be able to use group policies? Right now I'm set up as a standalone server.

Thanks

Josh
0
JoshFink
Asked:
JoshFink
1 Solution
 
sirbountyCommented:
Not sure if it'll accomplish everything you're looking for, but explore gpedit.msc (from Start->Run)
I think you may have a problem with preventing them from shutting down the session - unless I'm not understanding you there. . .
0
 
JoshFinkAuthor Commented:
Well, I looked at gpedit.msc , but the things in there tend to apply to all users and I want to limit certain groups..  

Thanks though

Josh
0
 
adonis1976Commented:
to accomplish whatever you need, you will have to have the Active directory. Once the active directory is done, you can create an OU for the users you want to limit and then apply the GPO(group policy) to that OU.
0
Cloud Class® Course: Microsoft Office 2010

This course will introduce you to the interfaces and features of Microsoft Office 2010 Word, Excel, PowerPoint, Outlook, and Access. You will learn about the features that are shared between all products in the Office suite, as well as the new features that are product specific.

 
JoshFinkAuthor Commented:
That's what I was thinking.. Off to try it.
0
 
Pete LongTechnical ConsultantCommented:
:0) Heres some pointers

Windows Domain Group Policy

Configuring Account Policies in Active Directory

http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/q255/5/50.asp&NoWebContent=1


Troubleshooting

1. Ensure You have created a Domain Security policy, and not a local policy on a domain controller.

2. Ensure The group policy is applied  either to the Root of AD or the OU where the users/machines reside.

3. Right click either the policy or the level at which the policy was applied and select the security tab. Ensure "Apply Group Policy" is ticked.

4. Press Start > Run > SECEDIT /REFRESHPOLICY MACHINE_POLICY /ENFORCE

5. Press Start > Run > SECEDIT /REFRESHPOLICY USER_POLICY /ENFORCE

6. Are Your Users seeing these Error Messages....

   Your account has been disabled. Please see your system administrator.

   OR

   Unable to log you on because your account has been locked out, please contact your    administrator.

   If so see http://support.microsoft.com/default.aspx?scid=kb;en-us;279227

7. Account Lockout Problems see http://support.microsoft.com/default.aspx?scid=kb;en-us;274372

8. Machine Account Lockout Problems see http://support.microsoft.com/default.aspx?scid=kb;en-us;260930
http://support.microsoft.com/default.aspx?scid=kb;en-us;817701

9. Policy not being enforced Try http://support.microsoft.com/default.aspx?scid=kb;en-us;254174

10. Account Locking for no reason see
http://support.microsoft.com/default.aspx?scid=kb;en-us;328862

11. Policy not applying to users try
http://support.microsoft.com/default.aspx?scid=kb;EN-US;263693

12. You are only allowed one Domain Security Policy! see
http://support.microsoft.com/default.aspx?scid=kb;en-us;255550

13. Still no Joy! Try the official Microsoft Troubleshooting guide http://www.microsoft.com/windows2000/techinfo/howitworks/management/gptshoot.asp
0
 
Pete LongTechnical ConsultantCommented:
ThanQ
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now