How to apply policies to specific users on a Member Server.

I have a Win2k standalone server that is also running Terminal Server.  There are certain users in which I need to lock down their desktops once logged on via Terminal Server.  How do you provide policies to CERTAIN users on a server that is NOT part of a domain?  I was hoping to get a "standard" procedure, as opposed to registry "hacks" or "tricks".  

Thanks very much!!
Who is Participating?
dlwyatt82Connect With a Mentor Commented:
As far as group policy is concerned, you don't. There is only a single Group Policy Object to work with (the Local object), so the normal procedure of filtering GPOs by ACL does not apply.

You will need to configure these settings / policies in the registry in some fashion, perhaps by creating a login script for the users whose desktops you wish to lock down.
If you're not using group policies for anything and don't plan to in the future, you can use the very ugly hack of setting a locked down group policy then denying read access to it for the non-locked down users.  Just be careful that the changes aren't updated immediately or you'll lock yourself down before you can deny yourself read permissions to the policy.  Hopefully there's a better way, but I remember seeing the above concept a while back to have admins unaffected by group policy.  I don't have the url handy that had very detailed instructions on doing this.  If you want to go this route and need more specific info, I can do some digging.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.