User access rights on Terminal Server
Hello everyone,
I have installed Terminal server on Windows 2003 server (member server) in application mode.
I have created users on the terminal server itself (local users) and dont want to use AD Group Policies as the users who will connect to this server are not part of my domain.
I want to know if their is a way to restrict user access to:-
(*) local disk .... specific folders only
(*) setting up the default home directory &Â profile path
I tried giving access using the local group policy object but it restricts access to even the administrator whereas i would like to restrict access to only specific users.
Please advise.
Regards,
Fadal
I have installed Terminal server on Windows 2003 server (member server) in application mode.
I have created users on the terminal server itself (local users) and dont want to use AD Group Policies as the users who will connect to this server are not part of my domain.
I want to know if their is a way to restrict user access to:-
(*) local disk .... specific folders only
(*) setting up the default home directory &Â profile path
I tried giving access using the local group policy object but it restricts access to even the administrator whereas i would like to restrict access to only specific users.
Please advise.
Regards,
Fadal
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Jay_Jay70
you can apply the local policies to certain users, but its messy and not a fun task.....i cannot find the doco but there is one from microsoft
ASKER
Itcoza,
Thank you for your input.
Though initially i wanted to avoid using Group Policies ... but after going through quite a few documentation came to realize that Group Policies are the way to do it, having said that, this is what i have done and am still not able to configure it the way i would like it to be.
I have created a separate OU for Terminal server users, placed the user accounts in the GPO and have configured the 'Folder Redirection' policy to redirect the home folders onto the 'C:\User' (on the terminal server, which is shared and given access to users of termnal server) but when the user logs in the profile still gets created in the default path of 'C:\Documents and Settings\%username%' on the terminal server.
Can you please (or anyone) guide me as to how to get the folder redirection getting working correctly on Terminal Server 2003?
Regards,
Fadal
Thank you for your input.
Though initially i wanted to avoid using Group Policies ... but after going through quite a few documentation came to realize that Group Policies are the way to do it, having said that, this is what i have done and am still not able to configure it the way i would like it to be.
I have created a separate OU for Terminal server users, placed the user accounts in the GPO and have configured the 'Folder Redirection' policy to redirect the home folders onto the 'C:\User' (on the terminal server, which is shared and given access to users of termnal server) but when the user logs in the profile still gets created in the default path of 'C:\Documents and Settings\%username%' on the terminal server.
Can you please (or anyone) guide me as to how to get the folder redirection getting working correctly on Terminal Server 2003?
Regards,
Fadal
i am inclined to agree with itcoza
create an ou on AD and put these users there
then hide the local drive letters and disable access to them so they cannot be accessed from the command prompt.
this is hands down the best way to do this
i have installed severall application service providers using citrix, native terminal services and have always done it this way.
deploying using citrix or Sun Secure Global Desktop Software 4.2 are your best options
i think Sun Secure Global Desktop Software 4.2 is still free so more cost effective than citrix and it does not require a sparc box you can run it using solaris 10 for intel. this product used to be called tarantella. and is very good easy to use and gives a nice user interface.
also prevents desktop access and launches the application directly.
create an ou on AD and put these users there
then hide the local drive letters and disable access to them so they cannot be accessed from the command prompt.
this is hands down the best way to do this
i have installed severall application service providers using citrix, native terminal services and have always done it this way.
deploying using citrix or Sun Secure Global Desktop Software 4.2 are your best options
i think Sun Secure Global Desktop Software 4.2 is still free so more cost effective than citrix and it does not require a sparc box you can run it using solaris 10 for intel. this product used to be called tarantella. and is very good easy to use and gives a nice user interface.
also prevents desktop access and launches the application directly.
you are correct to this point of creating the users in there own ou.
on the group policy can you tell me what you put in as an entry for the terminal users, also have you tried running RSOP for one of the users to see what are the resultant policy that is being applied
on the group policy can you tell me what you put in as an entry for the terminal users, also have you tried running RSOP for one of the users to see what are the resultant policy that is being applied