Local Group Policy

Hello buddies,

I am new to Windows 2003 Advanced Server. I have installed the server and am using its "remote desktop" (terminal services) features in the client PC for sharing internet and applications, but I am having the following few problems. Can anyone help me out with them?

1. How can I configure group policies for local users and groups without configuring a domain for the same, as I am using the local users and groups with the help of remote desktop?

2. How can I hide the drives and desktop and redirect the profiles for the local users and groups?

3. If group policies are only configured in a domain, then can a domain be configured for local user names and domains? If yes, how?

4. How can I disable or work with the enhanced Internet security feature, as on accessing a site on client PCs it always asks for adding the site to the security zone?
pawankk Asked:
 
Jeffrey Kane - TechSoEasy, Principal Consultant, Commented:
pawankk...

You can easily hide drives and any other resource that a user doesn't have permission for with the new Access Based Enumeration if your server is R2.  See http://www.microsoft.com/downloads/details.aspx?FamilyID=04A563D9-78D9-4342-A485-B030AC442084 for the download of this feature.

You may also want to review this presentation on locking down terminal session desktops: http://www.brianmadden.com/content/content.asp?ID=517

If you ARE going to use domain security accounts, why would you not then convert the users to domain accounts?  Ideally you don't want local users to have remote access capability anyhow... just better for security.

Regarding the IE enhanced security... if you do want to disable it, you would uninstall it from add/remove windows components.  Otherwise, you can add the site to the trusted zone using wild cards if you like, such as *.companyname.*/*

Jeff
TechSoEasy
 
mikeleebrla Commented:
1.  On the server, open the Group Policy MMC (Microsoft Management Console) and create the policies... that's it.
2.  Why would you want to hide the drives and the desktop?
3.  Group policies can be applied both at the local and domain level... actually they are applied in the following order: local, site, domain, OU... if any of them conflict with each other, the last one applied takes precedence... the whole purpose of a domain is to get rid of local accounts on every machine... so local accounts and domain accounts are COMPLETELY separate (each has their own SIDs)... if you have a domain, you shouldn't have local users at all (other than the local admin usually)
4.  http://www.microsoft.com/technet/security/smallbusiness/prodtech/windowsxp/iesecxp.mspx
http://www.msfn.org/win2k3/ie.htm

 
pawankk (Author) Commented:
mikeleebrla,
Do we have to create a snap-in for creating the local GPO? Please detail for me how to create the GPO for local users.

I'm using the local users and groups from the client PCs in my cafe, so I want to deny the users permission to access and view the drives from the remote desktop PC and disable other options like screen saver, desktop and others... hope you got my view...
 
pawankk (Author) Commented:
mikeleebrla and buddies, no reply??

I have tried with the gpedit command and the policy is working, but it's applying to all groups and users, even to the administrator. How do I give the group policy to a specific group or users...?? Kindly tell me, it's urgent.
 
Jeffrey Kane - TechSoEasy, Principal Consultant, Commented:
When you say that you are using local users and groups from the clients PC... this isn't possible.  When they log onto your Terminal Session they would be using an account on the Terminal Server or within your domain?  What name do they log onto the REMOTE session with?

Jeff
TechSoEasy
 
pawankk (Author) Commented:
I am using client cards on PCs; it's using remote desktop in the background to show the screens... I am not using any... domain. It's on the local PC; it's using the profiles of the local PC... and showing the screen on a different PC.
 
Jeffrey Kane - TechSoEasy, Principal Consultant, Commented:
Fine, but when you open the remote desktop session you are logging in to the remote machine.  So changing the policy of the LOCAL PC won't do anything really.  All policies must be deployed on the Terminal Server machine.

Does this make sense?

Jeff
TechSoEasy
 
pawankk (Author) Commented:
TechSoEasy

Yeah buddy,
you are right, I'm saying the same thing... let me elaborate on what I have done...

I have configured Windows 2003 Advanced Server on a machine with terminal server configured on it... on a P4 3.0 GHz with 2 GB DDR RAM and a 160 GB SATA hard disk.

Secondly, I have configured terminal server with the software provided by the company of the LAN boot client cards and am running 30 diskless and low-configured terminals (PI, Celeron, PIII machines) with those cards successfully.

Thirdly, I have executed the "GPEDIT" command and given the group policy on it (on the terminal server) without configuring a domain on the terminal server (DCPROMO command), so I called it the local machine (by which I mean the terminal server), because I have only 1 server, 1 machine with a disk, and the users' profiles and policy are applied on that PC, as what I know is that in terminal services you log on to the same PC, viewing its drives and settings as if working on the same PC while sitting at different nodes.

Am I right? Did you get this much?

Now my questions:

Fourthly, after configuring the group policies (gpedit command), all the policies of hiding desktop icons... restricting drives and... all the policies... I got the result on users... logging in to different nodes... but my concern is that...

1. The administrator too gets the same effect of the group policy configured on the server... for users.
2. I want to give different groups/users different rights restrictions. Can it be possible? If yes, how?