Solved

Setting Group Policies for TSWEB Users

Posted on 2004-04-01
3
423 Views
Last Modified: 2010-03-18
I am running TSWEB on Server 2000, I need to set group policies without locking out the administrator.  Is there another way other then creating an OU Group Policy in AD?(Microsoft Knowledge Base Article 278295.)  This way I need to create logon accounts for Temtinal Server users.  
0
Comment
Question by:adumawal
  • 2
3 Comments
 
LVL 5

Expert Comment

by:visioneer
Comment Utility
TSWEB uses Terminal Services, so you can either create a Local Policy or use a Group Policy in AD.

A local policy will apply to the local system and everyone who logs into it, Administrator included.

A group policy will apply to only those people who you want it to, depending on where you place it in the tree.

My advice?  Forget the local policy and/or registry changes to lock down the system, because your Administrator will get this applied as well.  Create an OU in Active Directory, stick your server in the OU, create a GPO on the OU with your restrictions.  Then place your Domain Admin account in an OU underneath that one and block policy inheritance.
0
 
LVL 2

Accepted Solution

by:
pretxt earned 500 total points
Comment Utility
Correction:
A local policy will be overwriten by the domain policies.
In order to apply the restrictions to all users logging to the server you can do the following:

1. create a group policy and specify your settings
2.in computer configuration, specify "Group policy loopback policy processing" to Replace mode ... this will cause the computer to apply the user settings disregarding previous policies applying to that user
3. go to the security tab and give permissions  to Read & Apply GPO to the computer account of your server
4. for the domain admins group specify "Deny apply GPO"

This way you will have the GPO applied only to the server, and only to the users logging to the server, with the exceptions of domain administrators
0
 
LVL 5

Expert Comment

by:visioneer
Comment Utility
pretxt is right, that's a better way of doing it.
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

A brief overview to explain gateways, default gateways and static routes OR NO - you CANNOT have two default gateways on the same server, PC or other Windows-based network device. In simple terms a gateway is formed when a computer such as a serv…
Resolve DNS query failed errors for Exchange
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now