• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 393
  • Last Modified:

Locking down a 2003 Terminal Server with a 2008 GPO

I am curious if anyone has any pointers or any links to a site(s) that show how to lock down a 2003 terminal server which I have running as a virtual server on a 2008 system. I have come across numerous links on how to lock down a 2003 terminal server, but nothing about which policies to use when running the server in a 2008 server environment.
0
MCSA2003
Asked:
MCSA2003
  • 2
  • 2
1 Solution
 
Henrik JohanssonSystems engineerCommented:
It doesn't really matter that it's a Windows Server 2008 domain as long as you use policy settings that is compatible with the older OS
Some policy settings in Administrative Templates (ADM) can be relocated in 2008 structure, but you can use GPMC on a 2003/XP machine with older ADM-files

KB about locking down TS
http://support.microsoft.com/kb/278295

Download GPMC for Windows Server 2003
http://www.microsoft.com/downloads/details.aspx?FamilyID=0A6D4C24-8CBD-4B35-9272-DD3CBFC81887&displaylang=en
0
 
MCSA2003Author Commented:
Thanks for the quick reply. I saw the KB article about locking down the TS. The issue I was having is that in the 2008 GPO, the settings are not in the correct place. For example, the first step is:

[Computer Configuration\Admin Templates\System\Group Policy]

Enable the following setting:
User Group Policy loopback processing mode


This setting is not available in the 2008 GPO. The link that you provided for 2003 GPMC, are you saying this needs to be installed on any XP or 2003 box? If so, how do I link it to users on the 2008 domain controller? Couls it be ran on the terminal server and configured there?
0
 
Henrik JohanssonSystems engineerCommented:
The policy setting is there when using GPMC in 2008, but is a little bit relocated.
The policy settings has been grouped under Policies and the path for the loopback processing setting in GPMC2008 is as below. For the most settings, just add Policies between 'Computer Configuration' and 'Administrative Templates'.

Computer Configuration\Policies\Administrative Templates\System\Group Policy\User Group Policy loopback processing mode

If unsure where the policy setting is located, you find all settings at the same place when looking in

Computer Configuration\Policies\Administrative Templates\All Settings


The GPMC tool downloadable from the link above can be installed on any XP/2003 machine that you want to use for GPO management to avoid the nead to logon to DC. It's just a management tool that works remote from any member computer in the domain.
So, yes for your question about if GPMC can be installed on the TS, but it isn't necessary.

ADUC and some other AD-tools can be installed from adminpak.msi located in \win2003servername\admin$\system32\adminpak.msi
In Vista and above, the tools are part of RSAT (Remote Server Administrative Tools).
0
 
MCSA2003Author Commented:
I installed GPMC on an XP machine and everything worked perfectly. Thanks
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now