Solved

Setting Group Policies for TSWEB Users

Posted on 2004-04-01
3
434 Views
Last Modified: 2010-03-18
I am running TSWEB on Server 2000, I need to set group policies without locking out the administrator.  Is there another way other then creating an OU Group Policy in AD?(Microsoft Knowledge Base Article 278295.)  This way I need to create logon accounts for Temtinal Server users.  
0
Comment
Question by:adumawal
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 5

Expert Comment

by:visioneer
ID: 10737361
TSWEB uses Terminal Services, so you can either create a Local Policy or use a Group Policy in AD.

A local policy will apply to the local system and everyone who logs into it, Administrator included.

A group policy will apply to only those people who you want it to, depending on where you place it in the tree.

My advice?  Forget the local policy and/or registry changes to lock down the system, because your Administrator will get this applied as well.  Create an OU in Active Directory, stick your server in the OU, create a GPO on the OU with your restrictions.  Then place your Domain Admin account in an OU underneath that one and block policy inheritance.
0
 
LVL 2

Accepted Solution

by:
pretxt earned 500 total points
ID: 10738754
Correction:
A local policy will be overwriten by the domain policies.
In order to apply the restrictions to all users logging to the server you can do the following:

1. create a group policy and specify your settings
2.in computer configuration, specify "Group policy loopback policy processing" to Replace mode ... this will cause the computer to apply the user settings disregarding previous policies applying to that user
3. go to the security tab and give permissions  to Read & Apply GPO to the computer account of your server
4. for the domain admins group specify "Deny apply GPO"

This way you will have the GPO applied only to the server, and only to the users logging to the server, with the exceptions of domain administrators
0
 
LVL 5

Expert Comment

by:visioneer
ID: 10738772
pretxt is right, that's a better way of doing it.
0

Featured Post

Optimum High-Definition Video Viewing and Control

The ATEN VM0404HA 4x4 4K HDMI Matrix Switch supports 4K resolutions of UHD (3840 x 2160) and DCI (4096 x 2160) with refresh rates of 30 Hz (4:4:4) and 60 Hz (4:2:0). It is ideal for applications where the routing of 4K digital signals is required.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

FIPS stands for the Federal Information Processing Standardisation and FIPS 140-2 is a collection of standards that are generically associated with hardware and software cryptography. In most cases, people can refer to this as the method of encrypti…
An article on effective troubleshooting
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Suggested Courses
Course of the Month5 days, 21 hours left to enroll

627 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question