I realized today that after securing the GPO for our Terminal Servers to the likes of removing network neighborhood, removing right clicking on the taskbar, no run command, removing access to regedit/control panel/admin tools that those changes applied to the local user as well.
Whats the best way to secure terminal servers from the remote desktop users stance?
(just had a thought) Could I set the Security Filtering in the GPO's Scope to "remote desktop users"? Would that cause the GPO to not affect local users (i.e. VNC, physical console)?