Locking down a 2003 Terminal Server with a 2008 GPO

I am curious if anyone has any pointers or any links to a site(s) that show how to lock down a 2003 terminal server which I have running as a virtual server on a 2008 system. I have come across numerous links on how to lock down a 2003 terminal server, but nothing about which policies to use when running the server in a 2008 server environment.
LVL 14
Who is Participating?
Henrik JohanssonSystems engineerCommented:
The policy setting is there when using GPMC in 2008, but is a little bit relocated.
The policy settings has been grouped under Policies and the path for the loopback processing setting in GPMC2008 is as below. For the most settings, just add Policies between 'Computer Configuration' and 'Administrative Templates'.

Computer Configuration\Policies\Administrative Templates\System\Group Policy\User Group Policy loopback processing mode

If unsure where the policy setting is located, you find all settings at the same place when looking in

Computer Configuration\Policies\Administrative Templates\All Settings

The GPMC tool downloadable from the link above can be installed on any XP/2003 machine that you want to use for GPO management to avoid the nead to logon to DC. It's just a management tool that works remote from any member computer in the domain.
So, yes for your question about if GPMC can be installed on the TS, but it isn't necessary.

ADUC and some other AD-tools can be installed from adminpak.msi located in \win2003servername\admin$\system32\adminpak.msi
In Vista and above, the tools are part of RSAT (Remote Server Administrative Tools).
Henrik JohanssonSystems engineerCommented:
It doesn't really matter that it's a Windows Server 2008 domain as long as you use policy settings that is compatible with the older OS
Some policy settings in Administrative Templates (ADM) can be relocated in 2008 structure, but you can use GPMC on a 2003/XP machine with older ADM-files

KB about locking down TS

Download GPMC for Windows Server 2003
MCSA2003Author Commented:
Thanks for the quick reply. I saw the KB article about locking down the TS. The issue I was having is that in the 2008 GPO, the settings are not in the correct place. For example, the first step is:

[Computer Configuration\Admin Templates\System\Group Policy]

Enable the following setting:
User Group Policy loopback processing mode

This setting is not available in the 2008 GPO. The link that you provided for 2003 GPMC, are you saying this needs to be installed on any XP or 2003 box? If so, how do I link it to users on the 2008 domain controller? Couls it be ran on the terminal server and configured there?
MCSA2003Author Commented:
I installed GPMC on an XP machine and everything worked perfectly. Thanks
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.