Prevent certain users from accessing terminal services on server.

Hello, I have a physical server running Windows 2003 Server and a virtual server running Windows 2003 as well, each have own IP and have running terminal services. I need to be able to limit access to accounting dept to the Virtual, and teachers need access to the physical one. How would I limit these two groups to their respective servers?
ishmickAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

debuggerauCommented:
Can I assume you have made a forest in AD and have separate OU's for each department?

I would assigned users to a global security group and then assigned the global group to a domain local group. The domain local group is then assigned the appropriate permissions for any given folder.

Hope that helps.
0
Jay_Jay70Commented:
on your terminal server management side of things - just add a group for your teachers to access their server and noone else and the same for the others on your other server - its all under the rdp-tcp properties of the server :)
0
CoccoBillCommented:
By default the terminal servers are accessible by members of the servers' local Administrators and Remote Desktop Users groups. Add the group containing the teachers to the Remote Desktop Users on the physical server and the group with the accounting dept users to the other one. Or, if you want to follow MS best practises do it like debuggerau suggests, that is add the users to domain global groups, the global groups to domain local groups and add those local groups to the Remote Desktop Users groups. IMO this will just make the hierarchy bulky and complex, the main thing either way is to have up to date documentation on your environment.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
ishmickAuthor Commented:
Thanks guys, big help.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.