1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Lockingdown Terminal Server with GPO

Discussion in 'Windows Server 2003 / 2008 / 2012 Exams' started by JC, Sep 8, 2006.

  1. JC

    JC Bit Poster

    22
    0
    14
    Hi,

    I am new to TS and to GPO's so please bear with me there may well be several easier / more professional methods to achieve what I am aiming for.

    Brief: Users need to be able to occasionally log on to network with basic user accounts. Most of the time they work from home Offline Files etc. They establish a VPN and use RDP to connect to a Terminal Server to access a CRM database. I want to prevent them from doing anything silly on the Terminal server i.e. Shutting it down or breaking something.

    So I created a test user, locked it down with a combination of a GPO applied to an OU then used NTFS permissions & Hidden attributes on the All Users / Logged in user Start menu items, with the end result of a start button with nothing operational other than the log off button and a clear desktop that will only permit them to run the desired DB (Bit of a control freak don’t you know!).
    I was relatively happy with this; I figured each remote user could use the TS specific account for RDP and an unaltered account / GPO for when attached to the network. The problem I now face is replicating this for each of the 40 or so users who will be working in this manner. I created a mandatory profile for the restricted account and copied this to a Roaming Profile share made it mandatory and assigned this as the Terminal Server profile in AD for each TS account. The plan was to add all TS accounts to a group and place this in the appropriate OU for ease of management. The problem is not all of the settings seem to have applied. To ensure no other GPO’s affect the situation I have also configured the restricted GPO with No Override.

    Can any one shed any light on these events?
     
    Certifications: 70 290
    WIP: MCITP
  2. simongrahamuk
    Honorary Member

    simongrahamuk Hmmmmmmm?

    6,199
    125
    199
    Try this guide. 8)
     
  3. JC

    JC Bit Poster

    22
    0
    14
    Wow that was a quick turn arround

    Thanks :biggrin
     
    Certifications: 70 290
    WIP: MCITP

Share This Page

Loading...