?
Solved

Restrict user to Terminal Server login only

Posted on 2008-11-17
8
Medium Priority
?
853 Views
Last Modified: 2013-11-21
Hi all,

I have two servers an SBS2003 and a Terminal Server.

I have setup 1 user account called "desktop" that all users use to login to on their local PCs, from here they launch a remote desktop connection to the terminal server where they use their normal logins ie: "bob.smith"

What I need to do is stop users from login into the local desktops with their normal user logins eg: I dont want them to login to the local PC as "bob.smith" instead of "desktop".

Is there anyway to restrict user accounts to only be able to login via Terminal Server and not to a local PC?
0
Comment
Question by:OnemindIT
  • 5
  • 3
8 Comments
 
LVL 1

Accepted Solution

by:
jmcmillen earned 2000 total points
ID: 22982108
Hi OnemindIT

You can do this using AD. Under the properties for a user select Account, then click on Log On To and then you can restrict the user to only be able to logon to your Terminal server by selecting "The Following Computers" and then entering the name of your terminal server.
0
 

Author Closing Comment

by:OnemindIT
ID: 31517726
Thanks, works perfectly.
0
 

Author Comment

by:OnemindIT
ID: 22982224
Just as a follow up question, is it posbile to have this settings as part of a user template when I crate an account?

I have a bunch of user templates setup and I tried modifying this setting in the template but it doesn't apply to the user account that is created from the template.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 1

Expert Comment

by:jmcmillen
ID: 22982333
How do you create your templates. I.E. I just have a disabled user account which I have setup properly and then just copy it to create new users. Doing it that way does preserve the Log On To settings. How are you doing your templates?
0
 

Author Comment

by:OnemindIT
ID: 22982373
I used the "Server Management" console that comes with SBS2003 to create the templates (which as you said just creates a disabled user in the AD), then I went into the "template" and changed the logon setting.

What I do when I create a new user though is I again use the "Server Management" console and select "Add User" a wizard pops up and one of the options is a list of "templates" to use, I select one and it creates the user.

I tried it your way by copying the disabled user to create a new user and yes the setting sticks... it must be a problem with how the add user wizard uses the template to create the user (it might only take certain settings from it).
0
 
LVL 1

Expert Comment

by:jmcmillen
ID: 22982395
Yeah not sure on that. Dont actually use SBS so dont have any experience with its wizards. May be an option for you to just use "Active Directory Users and Computers" and copy the disabled user to do it rather then wizard.
0
 

Author Comment

by:OnemindIT
ID: 22982421
Yeh ill do that, got no problem with AD just have to enter less details in the wizard and it lets you do multiple users at the same time with a nice interface.

Thanks.
0
 

Author Comment

by:OnemindIT
ID: 22991643
I have added a related question to this one (see "Related Solution" under the original question).
0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Wouldn't it be nice if objects in Active Directory automatically moved into the correct Organizational Units? This is what AutoAD aims to do and as a plus, it automatically creates Sites, Subnets, and Organizational Units.
High user turnover can cause old/redundant user data to consume valuable space. UserResourceCleanup was developed to address this by automatically deleting user folders when the user account is deleted.
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question