ticgums
asked on
Creating desktop restrictions only on the terminal server
At the company that I work for, we have recently opened up a new facility. All the files that are used are still stored at the old building. We have implemented a Terminal Server solution (2X Application Server) to make the bandwidth going back and fourth across the pipe to be as small as possible for speed. We want to create a desktop that some of your folks can open but want to have restrictions on what they can do. The main thing would be not to shut down the server when they go to log off. Is there any way that this can be done on the server and not through AD? We dont want the functionality of there PC to be any different then they currently are, just when they are using the published desktop, to be limited. Thanks for the help
ASKER
We have 2 for load balancing. I don't want to use AD because i only want the setting to be pertinent while using the TS. Unless there is a way to do this that the only thing affected would be the TS desktop.
I'll probably take a look at gpedit.msc
Thanks
I'll probably take a look at gpedit.msc
Thanks
GPEDIT.msc is just group policy for the local machinie...this is my mistake if i was getting you confused i meant more of using the group policy on your domain controller to apply a policy to the TS machines. and or the users (in a group) that use them..
but for what you are wantin then GEDIT.msc should do the trick ;)
any problems and ill help you out
but for what you are wantin then GEDIT.msc should do the trick ;)
any problems and ill help you out
ASKER
Well, I could just configure the TS Servers with the GPEDIT.msc and that way it would only affect the users when they log on or off the TS Server Desktop. How does it work for Admin's? Are the credentials for Domain admins affected the same way?
unfortunatly yes it will affect everyone...as it is applying it to the machinie which is why i also suggested the group policy on your DC....as this way you can assign it to whom ever you wish...im sure you are familiar with group policy...it is exactly the same as GPEDIT only applied to users and not machines, so to speak.
(yes you can configure it so that policy willl only effect the users when they log on to the TS desktop and not when they are logged on to thier normal machines on the network) :D
(yes you can configure it so that policy willl only effect the users when they log on to the TS desktop and not when they are logged on to thier normal machines on the network) :D
ASKER
Any help on that would be appreciated
Thanks
"(yes you can configure it so that policy willl only effect the users when they log on to the TS desktop and not when they are logged on to thier normal machines on the network) :D"
Thanks
"(yes you can configure it so that policy willl only effect the users when they log on to the TS desktop and not when they are logged on to thier normal machines on the network) :D"
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Here is a microsoft link to lockdown a terminal server with group policy. You may not need or want all of the options but they are all there for your reference.
http://support.microsoft.c
http://support.microsoft.c
ASKER
Alright, I made my changes to AD (or at least I thought that i did) but the new settings don't seem to be taking affect. Is there something that I am missing?
Created OU, Moved the TS Servers into the New OU, Set-up my restriction
What did I miss. Thanks.
Created OU, Moved the TS Servers into the New OU, Set-up my restriction
What did I miss. Thanks.
did you add the group or specific users into the 'security filter' bit at bottom right of the GPMC?
ASKER
I fixed the problem...learned that you need to actually apply the GP to take affect.
yes sorry i forgot to mention that part :P
it was the next question i would have asked tho.
make sure it is 'linked' to the OU and not 'Enforced'
major difference
it was the next question i would have asked tho.
make sure it is 'linked' to the OU and not 'Enforced'
major difference
i know you said that you do not want to do it via Active Directory but it is realy easy and simpler to use..
how many machines do you have for load balancing for your TS? or is it just the one?
if that is the case why not log onto the server and change some settings in 'gpedit.msc' that way it will create a local policy for any one with a desktop on that machine..
i currently use citrix and with this i use AD to assign policies and have a citrix users group.
if you would like any help on setting up a policy to do this let me know