  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 766

Lock down Windows 2003 Terminal Server but not lock down domain accounts

I have a client that has a Windows 2003 Terminal Server.  They have both local user accounts and domain user accounts.  They want to lock down the server to only run their accounting package for their local accounts but not prohibit any functionality for their domain user accounts.  There aren't a whole lot of lockdown features in the local policies, so I am a little stumped.  I was toying with the idea of creating a GPO and denying the policy to domain users.  Not sure if that will work or not.  Need some advice.
0
Asked:
PCgod2004
1 Solution
 
LKaushal Commented:
I think this is the only way, as a 'Machine' policy will restrict or allow all users, so only a User policy is what you could configure; however, it will apply to all users unless you apply the policy at the OU level to allow or permit.
0
 
PCgod2004 (Author) Commented:
Will a domain machine policy apply when users log in with local accounts?  I was thinking about creating a Machine GPO and denying the Domain Users account.  Do you think that domain users will still have free roam but the machine policy will prohibit local user accounts?
0
 
ryansoto Commented:
Why not allow them to log on as a domain account and just restrict what they can do on the server via GPO?
My users can only log into our TS and run accounting software and view mapped drives.
I could take away the mapped drives and all icons on the desktop except the accounting software.  Essentially they would only be able to run the application and that's it.

It would be safer to use domain credentials for logging in than a local account.  Bad idea IMO
0
 
PCgod2004 (Author) Commented:
Not really my choice, it's the customer's.  I have since convinced them to use a Domain GPO with domain accounts.  Thanks for all your comments, but the issue has been resolved.
0
 
ryansoto Commented:
Sure - don't forget to close the question
0
 
PCgod2004 (Author) Commented:
use a Domain GPO with domain account
0
Question has a verified solution.
