Link to home
Create AccountLog in
Avatar of desmarler
desmarler

asked on

admin has restricted terminal desktop Server 2003

We added a new terminal services user to a 2003 windows domain and terminal server. We use default local profiles no roaming. User has restricted access, can't right click on desktop icons, no access to c drive via my computer...which is not what we wanted for this user.  We did at one time have a restricted desktop for some users in a separate OU implemented by a GPO.  This user is not in that OU....part of testing this issue was to set this user to a domaiin and local admin on the server...no change...another existing user did not have this problem and had identical security perms and same container..  So I deleted that users local terminal server profile.  Now that user has the same problem and is an admin as well.  I tried moving the users and the citrix server into a newly created OU....gupdate on the terminal server....I am not sure where to go from here...why are my power uses getting this restricted desktop?
Avatar of gtfiji
gtfiji

It's possible that the terminal server has a local policy that restricts the users.  If that were the case, any users who ever had the good fortune of having a GPO relax their restrictions would still benefit from the relaxed settings even if they were moved out from under the scope of influence of that GPO.  That is, until you deleted their user profile, at which time they would be subject to the same restrictive settings that all new users experience.  Putting the server object into a new OU would do nothing at all to the users' restrictions (unless "loopback processing" happens to be turned on, in which case moving it around may or may not affect the users' experience, depending on the settings in the GPOs governing the OUs that you're moving the objects from or to).

So, to be clear. . .this is a user who can log on to a client machine and experience all of the unrestricted behavior, right?  It's only when he logs on to this terminal server that the restrictions occur?  If that's the case, run gpedit.msc on the terminal server, and look through the "User Configuration" settings to see if that's where the restrictions are coming from.

If, however,  the user is experiencing the restrictions on every desktop that he logs in to and you want to keep it that way, you'll have to turn on loopback processing on the terminal server.

Avatar of desmarler

ASKER

correct said users can login to another system and DO NOT have the restrictions.  Only when they login to this terminal server.  Ran Gpedit.msc on terminal server, none of the restricted  settings are configured.
SOLUTION
Avatar of gtfiji
gtfiji

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
ASKER CERTIFIED SOLUTION
Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Replacing the default profile solved the  problem.