[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

How to apply policies to specific users on a Member Server.

Posted on 2004-08-10
2
Medium Priority
?
212 Views
Last Modified: 2010-04-14
I have a Win2k standalone server that is also running Terminal Server.  There are certain users in which I need to lock down their desktops once logged on via Terminal Server.  How do you provide policies to CERTAIN users on a server that is NOT part of a domain?  I was hoping to get a "standard" procedure, as opposed to registry "hacks" or "tricks".  

Thanks very much!!
0
Comment
Question by:tsavage
2 Comments
 
LVL 14

Accepted Solution

by:
dlwyatt82 earned 750 total points
ID: 11767926
As far as group policy is concerned, you don't. There is only a single Group Policy Object to work with (the Local object), so the normal procedure of filtering GPOs by ACL does not apply.

You will need to configure these settings / policies in the registry in some fashion, perhaps by creating a login script for the users whose desktops you wish to lock down.
0
 
LVL 9

Expert Comment

by:fixnix
ID: 11783853
If you're not using group policies for anything and don't plan to in the future, you can use the very ugly hack of setting a locked down group policy then denying read access to it for the non-locked down users.  Just be careful that the changes aren't updated immediately or you'll lock yourself down before you can deny yourself read permissions to the policy.  Hopefully there's a better way, but I remember seeing the above concept a while back to have admins unaffected by group policy.  I don't have the url handy that had very detailed instructions on doing this.  If you want to go this route and need more specific info, I can do some digging.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Microsoft Office Picture Manager was included in Office 2003, 2007, and 2010, but not in Office 2013. Users had hopes that it would be in Office 2016/Office 365, but it is not. Fortunately, the same zero-cost technique that works to install it with …
NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Whether it be Exchange Server Crash Issues, Dirty Shutdown Errors or Failed to mount error, Stellar Phoenix Mailbox Exchange Recovery has always got your back. With the help of its easy to understand user interface and 3 simple steps recovery proced…
As many of you are aware about Scanpst.exe utility which is owned by Microsoft itself to repair inaccessible or damaged PST files, but the question is do you really think Scanpst.exe is capable to repair all sorts of PST related corruption issues?
Suggested Courses

825 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question