adumawal
asked on
Setting Group Policies for TSWEB Users
I am running TSWEB on Server 2000, I need to set group policies without locking out the administrator. Is there another way other then creating an OU Group Policy in AD?(Microsoft Knowledge Base Article 278295.) This way I need to create logon accounts for Temtinal Server users.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
pretxt is right, that's a better way of doing it.
A local policy will apply to the local system and everyone who logs into it, Administrator included.
A group policy will apply to only those people who you want it to, depending on where you place it in the tree.
My advice? Forget the local policy and/or registry changes to lock down the system, because your Administrator will get this applied as well. Create an OU in Active Directory, stick your server in the OU, create a GPO on the OU with your restrictions. Then place your Domain Admin account in an OU underneath that one and block policy inheritance.