Design the right policy scope for terminal server so that users can open control pannel and etc...
Posted on 2011-02-16
i started to get mixed-up with how to implement policy to the terminal server.
lets start with a single policy i getting trouble to implement as an example.
the policy is to restricte the user access to the control pannel in the terminal server.
how do i do that?
i have 2 policies, one the defualt domain policy and one for the defualt domain conntrolers policy.
i want that this policy will only apply to the specific server and will not arrive to the users pesonal computers.
problem is that i dont see any policy that blocks control pannel access in the computer configuration, only in the user configuration.
but when i using this policy in the user configuration and apply the policy scope only to the OU where the terminal server lives, then the GPO doent apply, so i guss that is because the user/s are not in same OU that the server exist, therefore the policy in the user configuration doesnt apply?
i cant use the scope to all of the domain because this policy is in the user level and will apply to all computers in the domain , and i dont have this specific policy in the computer level in server 2003 so i cant just apply it to the treminal server OU.
how do i implement that? the only thing i can thing about is something not pretty at all like putiign all the users that use this terminal server and the terminal server computer account in the same OU.