Avatar of hmcnasty
hmcnasty
 asked on

Another Terminal server question

If a user is logged on to TS is there a way to keep them from logging off to the regular desktop without a password? It seems as though the person could just disconnect the session whenever he or she wanted to.


Wes
Windows Server 2003

Avatar of undefined
Last Comment
Rob Williams

8/22/2022 - Mon
rgonser

You could use group policy to "remove the log off" as well as "remove shutdown button" feature for these users and then whenever you need to log them off, use the runas command to run the shutdown command administratively.
ASKER CERTIFIED SOLUTION
Brian

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
hmcnasty

ASKER
That's a great document.  I think what I am really trying to do is make it so that when a particular user logs on to a machine the machine goes directly to TS instead of logging on to the machine first then going to TS from Remote desktop.  Is this possible?

Brian

Yes you could lock that machine down so that the only icon they see on the desktop is the Remote Desktop connection.  That docuement should talk about that.  If not i would do a search for locking down a desktop with group policy on google.

Brian
Your help has saved me hundreds of hours of internet surfing.
fblack61
Jay_Jay70

or stick your RDP connection in the startup folder and on load away you go.......remember though, there will always be ways for the user to log off the session. shortcuts, task manager on local machine etc etc
hmcnasty

ASKER
Jay Jay

I need a way so that when I log on to the machine using the Member account it goes right to TS.  Kinda like roaming profiles.  If the kids log off TS and it logs out of the machine that's fine.  I just don't want them to log off and get to the regular XP desktop.  Do you know what I mean?  I hope I'm explaining it correctly.
Jay_Jay70

i know exactly what you mean :) but i am dubious as to its availability - at least, i havent ever seen it done, but maybe one of the others has
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
Rob Williams

An idea from "out in left field";
Rather than using the standard Remote Desktop Client, perhaps consider using the Remote Desktop Web Connection, and then configure the PC, using group Policy and Internet Explorer to force IE to use Kiosk Mode. Kiosk mode is often used to limit user access to the local system on Kiosks in malls and such locations. You will need to lock it down fuhrer with Group Policy, but there are lots of article on the web to assist you with doing this. Then you would have the System boot to Internet Explorer and use the Terminal Server's logon as the home page.
http://support.microsoft.com/?kbid=154780 
http://www.windowsnetworking.com/articles_tutorials/Windows_2003_Terminal_Services_Part2.html

Another thought, though it requires new hardware, is to use Thin Clients, rather than PC's. They are specifically designed to do exactly what you want, only allow TS access to the remote system. Greatly reduces maintenance and initial hardware purchase costs. A couple of available systems:
http://h10010.www1.hp.com/wwpc/ca/en/sm/WF04a/12132708-12133552-12133552-12133552-12133560.html/
http://www.wyse.com/products/winterm/
hmcnasty

ASKER
I think I'm going to go ahead and just lock down the desktops.  Do you think I should lock them down per machine policy or through the domain policy?  I havn't done this before so I don't want to mess it up.

Thank you for everyone's help.

Wes
SOLUTION
Log in to continue reading
Log In
Sign up - Free for 7 days
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
hmcnasty

ASKER
OK...Let me make sure I get this.

The user's I want to lock down are "members".  These are the kids that will be using TS.  

Do I....
add these members to a group.
open the MMC.
open the group policy editor.
add the group
use the administrative templates
lockdown the desktops
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes
Jay_Jay70

your policy is applied to an OU not a group

right click on the OU, properties, group policy
hmcnasty

ASKER
I see...

Do I have to write these myself?  I dont' see anything that resembles policies for a desktop.   I was looking for something like the group policy editor in XP.

W
Jay_Jay70

its all there mate, exactly the same as local policies, just create a new one and edit from there
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
Rob Williams

If you don't already have it, the free Microsoft Group Policy Management Console makes it easier to view, edit, and create policies:
http://www.microsoft.com/downloads/details.aspx?familyid=0A6D4C24-8CBD-4B35-9272-DD3CBFC81887&displaylang=en