OOsorio

Terminal Server Desktop LockDown - How to..

In Active Directory I have an OU titled New Terminal Server Environment. The TS users are in this OU and each user is a member of Remote Desktop Users.

New Terminal Server Environment is also shown in Group Policy Management. Beneath that entry I created a linked GPO titled TS_User_Lockdown and enabled some options like don't show Run in the Start Menu.

Tried it and it doesn't work.
sukamto

Is your lockdown not working or your TS not working?
Have you ticked "Block policy inheritance" on the new OU?
Have you tried to force it with the gpupdate /force command?

ASKER

sukamto: The lockdown is not working. I have not ticked Block Policy Inheritance on the new OU.
jjoz: I have not tried to force it with goupdate /force.
I went to the command prompt to try the goupdate /force and got an error message:
goupdate is not a recognized internal or external command.

ASKER

jjoz: Reading your instruction I realize it is gpupdate /force. Tried it. The instruction was accepted by the command prompt but the policy is still not working.
Shreedhar Ette

ASKER

I have looked at that before, but in WinServer 2008 Active Directory, under Properties, you don't get the Group Policy tab as shown in the second graphic.

Can you post the screenshot of your GPO?

ASKER

A right click on the OU in the AD and then selecting properties shows this:

OU-Properties.jpg
OK, in this case OOsorio, perhaps trying to configure the lockdown through local GPO (Start | Run | "gpedit.msc") is the way to go, since configuring it from the domain controller is too much effort (assuming only one Terminal Server instance that you want to lock down).

cmiiw

Read the link. In 2008 it is not gpedit.msc; the correct command is gpmc.msc.

ASKER

The Event Viewer is showing this error:

The processing of Group Policy failed. Windows could not locate the directory object OU=New Terminal Server Environment,DC=domain,DC=com. Group Policy settings will not be enforced until this event is resolved. View the event details for more information on this error.

ASKER

What is THE NETWORK SERVICE ACCOUNT?
ASKER CERTIFIED SOLUTION
OOsorio


ASKER

I found this: To resolve this problem, grant sufficient permissions to access the parent OUs to all the user accounts and to all the computers that apply Group Policy settings through the OUs.

I gave read rights to Authenticated Users for that particular OU and it worked.
Thanks for returning to this question, OOsorio :-)
Perhaps next time you can give the maximum 500 points to all of your questions so that the experts are attracted to answer them.
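
A read-only way to confirm the cause the asker found, as an added example that is not from the thread or from Microsoft's article: it reports whether Authenticated Users holds Read on the OU named in the event and on each parent OU above it. It assumes the ActiveDirectory PowerShell module is available; `Test-AuthUsersRead` is a hypothetical helper name, and only ACEs granted directly to Authenticated Users are evaluated, so access held through other groups is not reflected.

```powershell
# Added example: read-only audit, nothing in the directory is modified.
Import-Module ActiveDirectory          # assumption: AD module installed; provides the AD: drive

# DN from the event text quoted on this page (domain components are the page's placeholders).
$ouDn      = 'OU=New Terminal Server Environment,DC=domain,DC=com'
$authUsers = 'S-1-5-11'                # well-known SID of Authenticated Users
$sidType   = [System.Security.Principal.SecurityIdentifier]
$needed    = [int][System.DirectoryServices.ActiveDirectoryRights]::GenericRead

# Hypothetical helper: does Authenticated Users hold Read on this container itself?
function Test-AuthUsersRead {
    param([Parameter(Mandatory)][string]$DistinguishedName)

    $acl   = Get-Acl -Path "AD:\$DistinguishedName"
    $allow = 0
    $deny  = 0
    # Ask for SIDs instead of names so the comparison works on localized systems.
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.IdentityReference.Value -ne $authUsers) { continue }
        # Skip ACEs that only apply to child objects or to a single attribute/class.
        if ($ace.PropagationFlags -band [System.Security.AccessControl.PropagationFlags]::InheritOnly) { continue }
        if ($ace.ObjectType -ne [guid]::Empty) { continue }

        if ($ace.AccessControlType -eq 'Allow') { $allow = $allow -bor [int]$ace.ActiveDirectoryRights }
        else                                    { $deny  = $deny  -bor [int]$ace.ActiveDirectoryRights }
    }
    # A deny bit removes the matching allow bit.
    (($allow -band (-bnot $deny)) -band $needed) -eq $needed
}

# Walk from the linked OU up through every parent OU, as the quoted resolution requires.
$dn = $ouDn
while ($dn -match '^OU=') {
    [pscustomobject]@{
        Container        = $dn
        AuthUsersCanRead = Test-AuthUsersRead -DistinguishedName $dn
    }
    $dn = ($dn -split '(?<!\\),', 2)[1]   # drop the leftmost RDN (escaped commas stay intact)
}
```

Any row with `AuthUsersCanRead` set to `False` marks a container to compare against the "could not locate the directory object" event before changing permissions.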