Solved

An account for terminal users to access

Posted on 2006-07-18
Last Modified: 2010-04-18
Hi Guys,

just setting up terminal server on a 2003 domain controller. This terminal server will be used for people to log on and use our CRM package. Obviously, i don't want these users to be able to access anything even remotely dodgy on the domain controller, for obvious reasons, so just want to know how to go about setting up a dumb account, that only really lets them use the CRM package. Also, is there a way i could customise the view, shortcuts, toolbars etc, before giving them access to the account (where they WON'T be able to change any of my customization)?

Thanks, Gavin
0
Question by:Gavin5511
10 Comments
 
LVL 48

Accepted Solution

by:
Jay_Jay70 earned 500 total points
ID: 17134422
what we do:

set up an OU with your dummy user
apply a group policy to that OU customising it as much as you like and preventing change...there is only so far you can lock a machine down but it is pretty effective
http://www.microsoft.com/windowsserver2003/techinfo/overview/lockdown.mspx
0
 
LVL 1

Author Comment

by:Gavin5511
ID: 17139404
right, been reading through that walkthrough, and it could quite possibly be the BEST white paper ever! very clear, very precise, and great for people who can't be bothered to go through hundreds of policies! like me! ;)

i have a problem however.....

It says there are 2 ways of going about it. Locking down the machine, or locking down the users...

Now, the machine that i have installed terminal server on is actually a domain controller, so i'm assuming i can't create a new OU, restrict it, then dump the domain controller in there!

As for the user lockdown, i have a strange problem. we have 5 users in a remote office who use terminal server to connect to our CRM software. Now i can't lock these 5 users' accounts down in an OU either, because they use these accounts to connect to our network over VPN. so, is it possible just to create 1 account, and let them all log on as the same user (eg. all log on as terminaluser1). or would i have to create a locked down account for them to each individually use?

apart from that, i really was impressed with that white paper! thanks!
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17143543
no problem, you can use what's called loopback processing for this scenario

http://support.microsoft.com/?id=231287

OR you can create separate users if that's the way you want to go
0
 
LVL 1

Author Comment

by:Gavin5511
ID: 17144934
excellent! i heard something about that. i know i might seem a pain, but can u just make things a little clearer for me? do you suggest i created a new OU with the domain controller in it then?
0
 
LVL 1

Author Comment

by:Gavin5511
ID: 17144984
sorry, that probably didn't make sense! do i put loopback policy on a new OU with the domain controller in? do i put loopback policy on a new OU with the 5 individual user profiles in? or do i put loopback policy on a new OU with 1 new user in that all 5 users will use? or do i simply not make a new OU, and apply it to an existing OU?
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17145008
leave your DC where it is! as you mentioned before...moving that is a no go!

up to you whether you want a new OU with a new user in it (i would take that path...) make sure you get one working first and then decide if you want one user or multiple :)
0
 
LVL 1

Author Comment

by:Gavin5511
ID: 17145173
ok, i get it now! so basically, the DC stays the same, but when a user logs on that has got the loopback processing, it changes the way the DC runs JUST for that user? how do i link the user to the DC then?
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17145650
the user doesn't get linked to the DC - it just logs on to it and then policy is applied
0
 
LVL 1

Author Comment

by:Gavin5511
ID: 17145722
Cheers man! just tested it and everything works absolutely perfect! what a great bunch of help you have been! i would give you more than 500 points, but i can't! lol! so hope you're happy with them!

Cheers, Gavin
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17150239
No problems at all Gavin, glad things work well :)
0
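One way to script the loopback approach discussed in this thread, as an added example that is not from any of the posters: it leaves the DC in its existing OU, turns on loopback (Replace mode) in a GPO linked there, and uses security filtering so the user-side restrictions reach only the terminal-only accounts. It assumes the GroupPolicy PowerShell module (Windows Server 2008 R2 or later, or RSAT; on Server 2003 the same settings are made in GPMC), and the GPO name, group name and domain DN are hypothetical placeholders.

```powershell
# Added example; all names below are hypothetical placeholders.
Import-Module GroupPolicy

$GpoName = 'TS-CRM-Lockdown'                           # hypothetical GPO name
$TsGroup = 'CRM-TS-Users'                              # hypothetical group with the terminal-only account(s)
$DcOu    = 'OU=Domain Controllers,DC=example,DC=com'   # placeholder domain DN

New-GPO -Name $GpoName -Comment 'Loopback lockdown for CRM terminal users' | Out-Null

# Computer side: "User Group Policy loopback processing mode".
# UserPolicyMode 1 = Merge, 2 = Replace (ignore the user's own OU policies).
Set-GPRegistryValue -Name $GpoName `
    -Key 'HKLM\Software\Policies\Microsoft\Windows\System' `
    -ValueName 'UserPolicyMode' -Type DWord -Value 2 | Out-Null

# User side: two sample restrictions; the real list comes from the lockdown paper.
$explorer = 'HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
foreach ($setting in 'NoControlPanel', 'NoRun') {
    Set-GPRegistryValue -Name $GpoName -Key $explorer `
        -ValueName $setting -Type DWord -Value 1 | Out-Null
}

# Security filtering: without this, loopback on a DC would also lock down
# administrators who log on to it. Authenticated Users keep Read only;
# the DCs must Apply (to pick up loopback); the restricted group must Apply
# (to receive the user settings).
Set-GPPermission -Name $GpoName -TargetName 'Authenticated Users' `
    -TargetType Group -PermissionLevel GpoRead -Replace | Out-Null
Set-GPPermission -Name $GpoName -TargetName 'Domain Controllers' `
    -TargetType Group -PermissionLevel GpoApply | Out-Null
Set-GPPermission -Name $GpoName -TargetName $TsGroup `
    -TargetType Group -PermissionLevel GpoApply | Out-Null

# Link where the computer lives; the DC itself is not moved.
# Note: this link covers every DC in that OU, not just the terminal server.
New-GPLink -Name $GpoName -Target $DcOu -LinkEnabled Yes | Out-Null

# Review the result before anyone logs on.
Get-GPPermission -Name $GpoName -All | Select-Object Trustee, Permission
Get-GPRegistryValue -Name $GpoName `
    -Key 'HKLM\Software\Policies\Microsoft\Windows\System' -ValueName 'UserPolicyMode'
```

Test with one account in the restricted group first, and confirm with `gpresult` that an administrator logging on to the same server does not receive the user-side settings.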