Solved

GPO on Terminal Server

Posted on 2011-03-04
10
329 Views
Last Modified: 2012-05-11
Hello Experts,
I have to setup certain rights for some users, the environment is TS 2008 R2.

Please find attached Excel List for Rights Matrix... there are certain things which I have abbreviated with ABC & XYZ, however you can just consider them to be as some program or location.



Regards,
A
rightsmatrix.xls
0
Comment
Question by:Ackles
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 5
10 Comments
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 35040893
What is the problem? Can you give me a little more information?

What I think you are trying to do is apply different GPOs to different users on a Terminal Server, is this correct?

You should use GPO Loopback processing to set these GPOs to be applied to the Users when they are logged into the TS server. This allows you to apply User configuration GPOs to only a certain computer.

You then want to deny GPOs for Computer GPOs for users you don't want the GPOs applied too
0
 
LVL 11

Author Comment

by:Ackles
ID: 35040905
Well there is no problem & actually it is the whole problem....

Our IT guy is not here & I don't have much knowledge bout GPO's, so I was looking if someone cOuld guide me before I mess up completely...

Thanks
A
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 35040942
Very detailed GPO plan walking through something this difficult without GPO experience.

 
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 11

Author Comment

by:Ackles
ID: 35040952
I understand , I know how to apply GPO, but not sure bout Loopback...
Let me k ow if u can help?
A
0
 
LVL 59

Accepted Solution

by:
Darius Ghassem earned 500 total points
ID: 35040965
http://support.microsoft.com/kb/231287
http://www.experts-exchange.com/Software/Server_Software/File_Servers/Active_Directory/A_1876-Understanding-Group-Policy-Loopback-Processing.html
http://support.microsoft.com/kb/260370

Take a look at the links get a better understanding of loopback processing.

Do you know about security filtering gpos?

http://www.windowsnetworking.com/articles_tutorials/Group-Policy-Security-Filtering.html

http://technet.microsoft.com/en-us/library/cc779291(WS.10).aspx

You will need to security filter in the GPOs you don't want to be applied to certain users.

When configuring GPOs like the detailed configuration you want testing is a big part and will take time.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 35040976
Once you have read the links let me know what questions you have this will allow me to better help you if you understand the concept which in turn allow you to better ask questions on information you don't understand. We can build on this from there. Poking around GPOs is the only way you will find exactly what you want and how you want to apply the security settins
0
 
LVL 11

Author Comment

by:Ackles
ID: 35040978
Thanks a lot, I will test it & post the results... But will take sometime .
A
0
 
LVL 11

Author Comment

by:Ackles
ID: 35145841
Hi I have made quite a progress but I am stuck on one point.
I want to disable Windows PowerShell as it's always sitting on the Task Bar.

I found this, however still can't make it work:

http://www.kolltveit.org/?p=265

Can you please help?

A
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 35157875
Should work fairly easy GPO you are just denying Read access which is file security.

You can do the same thing by going to the Icon and going to properties and denying Read Access
0
 
LVL 11

Author Closing Comment

by:Ackles
ID: 35160052
I learnt a lot, Thanks
0

Featured Post

U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
UniFi MAC address filtering 2008 R2 13 100
Robocopy parameters. 6 43
Exchange 2010 mailbox move 7 51
how to force a GPO update on all computers in a domain at once? 1 54
I was supporting a handful of Windows 2008 (non-R2) 2 node clusters with shared quorum disks. Some had SQL 2008 installed and some were just a vendor application that we supported. For the purposes of this article it doesn’t really matter which so w…
You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question