GPO on Terminal Server

Hello Experts,
I have to setup certain rights for some users, the environment is TS 2008 R2.

Please find attached Excel List for Rights Matrix... there are certain things which I have abbreviated with ABC & XYZ, however you can just consider them to be as some program or location.



Regards,
A
rightsmatrix.xls
LVL 11
AcklesAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
Darius GhassemConnect With a Mentor Commented:
http://support.microsoft.com/kb/231287
http://www.experts-exchange.com/Software/Server_Software/File_Servers/Active_Directory/A_1876-Understanding-Group-Policy-Loopback-Processing.html
http://support.microsoft.com/kb/260370

Take a look at the links get a better understanding of loopback processing.

Do you know about security filtering gpos?

http://www.windowsnetworking.com/articles_tutorials/Group-Policy-Security-Filtering.html

http://technet.microsoft.com/en-us/library/cc779291(WS.10).aspx

You will need to security filter in the GPOs you don't want to be applied to certain users.

When configuring GPOs like the detailed configuration you want testing is a big part and will take time.
0
 
Darius GhassemCommented:
What is the problem? Can you give me a little more information?

What I think you are trying to do is apply different GPOs to different users on a Terminal Server, is this correct?

You should use GPO Loopback processing to set these GPOs to be applied to the Users when they are logged into the TS server. This allows you to apply User configuration GPOs to only a certain computer.

You then want to deny GPOs for Computer GPOs for users you don't want the GPOs applied too
0
 
AcklesAuthor Commented:
Well there is no problem & actually it is the whole problem....

Our IT guy is not here & I don't have much knowledge bout GPO's, so I was looking if someone cOuld guide me before I mess up completely...

Thanks
A
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
Darius GhassemCommented:
Very detailed GPO plan walking through something this difficult without GPO experience.

 
0
 
AcklesAuthor Commented:
I understand , I know how to apply GPO, but not sure bout Loopback...
Let me k ow if u can help?
A
0
 
Darius GhassemCommented:
Once you have read the links let me know what questions you have this will allow me to better help you if you understand the concept which in turn allow you to better ask questions on information you don't understand. We can build on this from there. Poking around GPOs is the only way you will find exactly what you want and how you want to apply the security settins
0
 
AcklesAuthor Commented:
Thanks a lot, I will test it & post the results... But will take sometime .
A
0
 
AcklesAuthor Commented:
Hi I have made quite a progress but I am stuck on one point.
I want to disable Windows PowerShell as it's always sitting on the Task Bar.

I found this, however still can't make it work:

http://www.kolltveit.org/?p=265

Can you please help?

A
0
 
Darius GhassemCommented:
Should work fairly easy GPO you are just denying Read access which is file security.

You can do the same thing by going to the Icon and going to properties and denying Read Access
0
 
AcklesAuthor Commented:
I learnt a lot, Thanks
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.