Solved

Setting Group Policies for TSWEB Users

Posted on 2004-04-01
3
430 Views
Last Modified: 2010-03-18
I am running TSWEB on Server 2000, I need to set group policies without locking out the administrator.  Is there another way other then creating an OU Group Policy in AD?(Microsoft Knowledge Base Article 278295.)  This way I need to create logon accounts for Temtinal Server users.  
0
Comment
Question by:adumawal
  • 2
3 Comments
 
LVL 5

Expert Comment

by:visioneer
ID: 10737361
TSWEB uses Terminal Services, so you can either create a Local Policy or use a Group Policy in AD.

A local policy will apply to the local system and everyone who logs into it, Administrator included.

A group policy will apply to only those people who you want it to, depending on where you place it in the tree.

My advice?  Forget the local policy and/or registry changes to lock down the system, because your Administrator will get this applied as well.  Create an OU in Active Directory, stick your server in the OU, create a GPO on the OU with your restrictions.  Then place your Domain Admin account in an OU underneath that one and block policy inheritance.
0
 
LVL 2

Accepted Solution

by:
pretxt earned 500 total points
ID: 10738754
Correction:
A local policy will be overwriten by the domain policies.
In order to apply the restrictions to all users logging to the server you can do the following:

1. create a group policy and specify your settings
2.in computer configuration, specify "Group policy loopback policy processing" to Replace mode ... this will cause the computer to apply the user settings disregarding previous policies applying to that user
3. go to the security tab and give permissions  to Read & Apply GPO to the computer account of your server
4. for the domain admins group specify "Deny apply GPO"

This way you will have the GPO applied only to the server, and only to the users logging to the server, with the exceptions of domain administrators
0
 
LVL 5

Expert Comment

by:visioneer
ID: 10738772
pretxt is right, that's a better way of doing it.
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A common practice in small networks is making file sharing easy which works extremely well when intra-network security is not an issue. In essence, everyone, that is "Everyone", is given access to all of the shared files - often the entire C: drive …
This is the first one of a series of articles I’ll be writing to address technical issues that are always referred to as network problems. The network boundaries have changed, therefore having an understanding of how each piece in the network  puzzl…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question