Solved

Local Group Policy

Posted on 2006-04-30
Last Modified: 2011-10-03
Hello buddies,

I am new to Windows 2003 Advanced Server. I have installed the server and am using its "remote desktop" (Terminal Services) features on the client PCs for sharing internet and applications, but I am having the following few problems. Can anyone help me out with them?

1. How can I configure group policies for local users and groups without configuring a domain for the same, as I am using the local users and groups with the help of remote desktop?

2. How can I hide the drives and desktop and redirect the profiles for the local users and groups?

3. If group policies are only configured in a domain, then can a domain be configured for local user names and domains? If yes, how?

4. How can I disable or work with the enhanced internet security feature, as on accessing a site on client PCs it always asks for adding the site to the security zone?
Question by:pawankk
8 Comments
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 16572560
1.  On the server, open the Group Policy MMC (Microsoft Management Console) and create the policies... that's it.
2.  Why would you want to hide the drives and the desktop??
3.  Group policies can be applied both at the local and domain level... actually they are applied in the following order: local, site, domain, OU... if any of them conflict with each other, the last one applied takes precedence... the whole purpose of a domain is to get rid of local accounts on every machine... so local accounts and domain accounts are COMPLETELY separate (each has their own SIDs)... if you have a domain, you shouldn't have local users at all (other than the local admin usually)
4.  http://www.microsoft.com/technet/security/smallbusiness/prodtech/windowsxp/iesecxp.mspx
http://www.msfn.org/win2k3/ie.htm

0
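
The processing order described in the comment above, modelled as an added example (it is not part of the original post or of any Microsoft tool). GPO and setting names are constructed sample data, and the model assumes plain last-writer-wins with "Not Configured" settings skipped; it ignores Enforced links, Block Inheritance and loopback processing.

```python
# Added illustration: models the processing order quoted in the comment above
# (local, site, domain, OU; the last GPO that configures a setting wins).
# GPO names and setting names below are constructed sample data.

ORDER = ["local", "site", "domain", "ou"]  # processing order, lowest precedence first

NOT_CONFIGURED = None  # a setting left "Not Configured" never overrides an earlier value


def resolve(gpos):
    """Return {setting: (value, scope, gpo_name)} after applying GPOs in LSDOU order.

    gpos is a list of dicts with keys: name, scope, settings.
    GPOs that share a scope keep their list order.
    """
    effective = {}
    ranked = sorted(gpos, key=lambda g: ORDER.index(g["scope"]))  # stable sort
    for gpo in ranked:
        for setting, value in gpo["settings"].items():
            if value is NOT_CONFIGURED:
                continue
            effective[setting] = (value, gpo["scope"], gpo["name"])
    return effective


def conflicts(gpos):
    """Settings configured with different values by more than one GPO."""
    seen = {}
    for gpo in gpos:
        for setting, value in gpo["settings"].items():
            if value is not NOT_CONFIGURED:
                seen.setdefault(setting, set()).add(value)
    return sorted(s for s, vals in seen.items() if len(vals) > 1)


SAMPLE_GPOS = [
    {"name": "Kiosk OU lockdown", "scope": "ou",
     "settings": {"HideDesktopIcons": "Enabled", "ScreenSaver": None}},
    {"name": "Local Computer Policy", "scope": "local",
     "settings": {"HideDrives": "Enabled", "ScreenSaver": "Disabled"}},
    {"name": "Default Domain Policy", "scope": "domain",
     "settings": {"HideDrives": "Disabled", "HideDesktopIcons": "Disabled"}},
]

if __name__ == "__main__":
    for setting, (value, scope, name) in sorted(resolve(SAMPLE_GPOS).items()):
        print(f"{setting:18} {value:9} from {scope}: {name}")
    print("conflicting settings:", conflicts(SAMPLE_GPOS))
```

With only the local entry in the list, which is the situation on a standalone server with no domain, every effective value comes from the local policy.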
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 200 total points
ID: 16574787
pawankk...

You can easily hide drives and any other resource that a user doesn't have permission for with the new Access Based Enumeration if your server is R2.  See http://www.microsoft.com/downloads/details.aspx?FamilyID=04A563D9-78D9-4342-A485-B030AC442084 for the download of this feature.

You may also want to review this presentation on locking down terminal session desktops: http://www.brianmadden.com/content/content.asp?ID=517

If you ARE going to use domain security accounts, why would you not then convert the users to domain accounts?  Ideally you don't want local users to have remote access capability anyhow... just better for security.

Regarding the IE enhanced security... if you do want to disable it, you would uninstall it from add/remove windows components.  Otherwise, you can add the site to the trusted zone using wild cards if you like, such as *.companyname.*/*

Jeff
TechSoEasy
0
 

Author Comment

by:pawankk
ID: 16574937
mikeleebrla
Do we have to create a snap-in for creating the local GPO? Please detail for me how to create the GPO for local users.

I'm using the local users and groups from the client PCs in my cafe, so I want to deny the users permission to access and view the drives from the remote desktop PC and disable other options like screen saver, desktop and others... hope you got my view.
0
 

Author Comment

by:pawankk
ID: 16604233
mikeleebrla and buddies, no reply??

I have tried with the gpedit command and the policy is working, but it's applying to all groups and users, even to the administrator. How do I give the group policy to a specific group or users? Kindly tell me, it's urgent.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16608970
When you say that you are using local users and groups from the clients PC... this isn't possible.  When they log onto your Terminal Session they would be using an account on the Terminal Server or within your domain?  What name do they log onto the REMOTE session with?

Jeff
TechSoEasy
0
 

Author Comment

by:pawankk
ID: 16610162
I am using client cards on the PCs; they use remote desktop in the background to show the screens. I am not using any domain. It's on the local PC; it's using the profiles of the local PC and showing the screen on a different PC.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16610937
Fine, but when you open the remote desktop session you are logging in to the remote machine.  So changing the policy of the LOCAL PC won't do anything really.  All policies must be deployed on the Terminal Server machine.

Does this make sense?

Jeff
TechSoEasy
0
 

Author Comment

by:pawankk
ID: 16615995
TechSoEasy

Yeah buddy,
you are right, I'm saying the same thing. Let me elaborate on what I have done.

I have configured Windows 2003 Advanced Server on a machine with Terminal Server configured on it, on a P4 3.0 GHz with 2 GB DDR RAM and a 160 GB SATA hard disk.

Secondly, I have configured Terminal Server with the software provided by the company of the LAN boot client cards, and I am running 30 diskless and low-configuration terminals (PI, Celeron, PIII machines) with those cards successfully.

Thirdly, I have executed the "GPEDIT" command and set the group policy on it (on the terminal server) without configuring a domain on the terminal server (DCPROMO command), so I called it the local machine (by which I mean the terminal server), because I have only 1 server, 1 machine with a disk, and the users' profiles and policy are applied on that PC. As far as I know, in Terminal Services you log on to the same PC, viewing its drives and settings, as if working on the same PC while sitting at different nodes.

Am I right? Did you get this much?

Now my questions:

Fourthly, after configuring the group policies (gpedit command), all the policies of hiding desktop icons, restricting drives, and all the policies, I got the result on users logging in to different nodes. But my concern is that:

1. The administrator too gets the same effect of the group policy configured on the server for users.
2. I want to give different groups/users different rights and restrictions. Can it be possible? If yes, how?
0
