Solved

Lock down Windows 2003 Terminal Server but not lock down domain accounts

Posted on 2008-06-25
6
754 Views
Last Modified: 2010-04-21
I have a client that has a Windows 2003 Terminal Server.  They have both local users accounts and domain users accounts.  They want to lock down the server to only run their accounting package for their local accounts but not prohibit any functionality to their domain users account.  There aren't a whole lot of lockdown features on the local policies, so I am a little stumped.  I was toying with the idea of creating a GPO and denying the policy to domain users.  Not sure if that will work or not.  Need some advice.
0
Comment
Question by:PCgod2004
  • 3
  • 2
6 Comments
 
LVL 8

Expert Comment

by:LKaushal
ID: 21867335
I think this is te only way as 'Machine' policy will restirct or allow all users, co only User policy what you could configure, however, it will apply to all user unless you apply policy on OU level to allow or permit.
0
 

Author Comment

by:PCgod2004
ID: 21867429
will a domain machine policy apply when users log in with local accounts?  I was thinking about creating a Machine GPO and denying the Domain Users account.  Do you think that domain users will still have free roam but the machine policy will prohibit local user account?
0
 
LVL 24

Expert Comment

by:ryansoto
ID: 21868290
Why not allow them to log on as a domain account and just restrict what they can do on the server via GPO?
My users can only log into our TS and run accounting software and view mapped drives.
I could take away the mapped drives and all icons on the desktop except the accounting software.  Essentially they would only be able to run the application and thats it.

It would be safer to use domain credentials for logging in then a local account.  Bad idea IMO
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:PCgod2004
ID: 21868507
Not really my choice it's the customers.  I have since convinced them to use a Domain GPO with domain account.  Thanks for all your comments but the issue has been resolved.
0
 
LVL 24

Accepted Solution

by:
ryansoto earned 500 total points
ID: 21868525
Sure - dont forget to close the question
0
 

Author Closing Comment

by:PCgod2004
ID: 31470590
use a Domain GPO with domain account
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Knowing where your website is hosted is as important as the features you receive, the monthly fee, and the support you receive. Due diligence should be done when choosing your next hosting provider.
Each year, investment in cloud platforms grows more than 20% (https://www.immun.io/hubfs/Immunio_2016/Content/Marketing/Cloud-Security-Report-2016.pdf?submissionGuid=a8d80a00-6fee-4b85-81db-a4e28f681762) as an increasing number of companies begin to…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question