I've asked this question before, but it's gone stale so i'll try and start again and see if I get the answer I need..
I have a customer with an SBS2003 server. I have left TS in administrative mode. There are a couple of users who connect occasionally via TS. I also adminster the server remotely via TS.
To prevent them doing things they shouldn't, I have created a policy to lock down their TS sessions. It works well. Unfortunately, it also locks down their workstations when they log into network internally. The main problem being that they can't shut down their workstation.
I need to apply this policy just to these users only when they login via TS. It was suggested that I put the server in it's own OU and apply the policy to the server, but I think that would also lock down my administrative account.
For the time being, I have given them seperate user accounts to use when they log in via TS. I don't regard this as good solution, so i'm looking for something better.
Anyone any ideas?