zelfanet
asked on
windows 2008 r2 RDS Server
I recently set up a Windows 2008 Server and set it up for RDS( Remote Desktop Services) I set up the accounts and licensing and the users can log in. I am interested in customizing the experience for the user. Specifically, I want to add applications and restrict areas that can see (ex. blocking their access to C drive, not allowing them to install stuff). How do I do this?
ASKER
Thanks bedind,
Can you explain to me how to create a policy.
Can you explain to me how to create a policy.
if you have active directory, make sure you know which OU the computer is in, might be worth moving it to it's own - then using the 'Group Policy Management' administration tool, create a policy which applies to that OU. Not something that's easily explained, but there's some ueful video's and tutorials around.
If you're not using Active Directory, then you can create a local policy using the snap-in from the Microsoft Management Console. (start -> run -> mmc).
With both of the options, be careful as it's possible to lock out some required functionality - especially with using it locally, it's possible to disable yourself access..
Possibly useful links:
http://support.microsoft.com/kb/256345
http://www.google.com.au/url?sa=t&rct=j&q=&esrc=s&frm=1&source=web&cd=3&cad=rja&ved=0CFUQtwIwAg&url=http%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DoTmDIP01AXY&ei=_LgxUKzUC4e8iAf37YGwBQ&usg=AFQjCNGe8qeGCrFhrqNRMx5bNEAK3Jng4w
If you're not using Active Directory, then you can create a local policy using the snap-in from the Microsoft Management Console. (start -> run -> mmc).
With both of the options, be careful as it's possible to lock out some required functionality - especially with using it locally, it's possible to disable yourself access..
Possibly useful links:
http://support.microsoft.com/kb/256345
http://www.google.com.au/url?sa=t&rct=j&q=&esrc=s&frm=1&source=web&cd=3&cad=rja&ved=0CFUQtwIwAg&url=http%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DoTmDIP01AXY&ei=_LgxUKzUC4e8iAf37YGwBQ&usg=AFQjCNGe8qeGCrFhrqNRMx5bNEAK3Jng4w
ASKER
Thanks for the links.
I went in and created a new ou and put the RDS Server inside of it. I then opened Group Policy Management and right clicked on the OU. Do I pick 'create a gpo in this domain, and link it here' ?
I went in and created a new ou and put the RDS Server inside of it. I then opened Group Policy Management and right clicked on the OU. Do I pick 'create a gpo in this domain, and link it here' ?
Yes, that will create a new policy and will apply it to anything in that OU :)
ASKER
So when I dropped the server into that ou, I was no longer able to remote into it. I moved it back to the other ou and I can then connect to it. I guess there is a policy normally that allows remote access?
It seems like there a ton of options, is there anyway that has done this on a RDS server tha can tell me which things to modify?? Also, under computer I donyt see a policy to blovk access to the C Drive, I see it under users....
It seems like there a ton of options, is there anyway that has done this on a RDS server tha can tell me which things to modify?? Also, under computer I donyt see a policy to blovk access to the C Drive, I see it under users....
ASKER
To clarify, I want to block access for all users of the RDS Server, I see an item that is under the 'user' section and not that 'computer' section. If I enable that, wont it effect the regular users on the network?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
That worked great!
The users see the Administrative tools and Windows Security shortcuts on the start bar, how can I get rid of that?
The users see the Administrative tools and Windows Security shortcuts on the start bar, how can I get rid of that?
To restrict user access, firstly make sure they're not local administrators - then the best way would be to use group policy, Assuming you have an active directory structure in place, create a policy that applies to the remote desktop server, and you can modify users access.