I have a Win2k server acting as a terminal server in an NT domain (hence no AD). I am trying to configure a policy that will lock down the terminal server (hidden drives, disabled cmd prompt, etc..) for any client connecting through terminal services.
My problem is the policy is a computer policy hence it applies to any users who log on locally to the server. This causes a problem when we want to perform admin on the server - should we have to disable the policy each time we log on, or can we apply the policy to one user only (i.e. the user who will be logged on when terminal services is being run?). If possible, I don't wan't to implement NT4 domain based policies.
Hope this makes sense to someone out there?
My problem is the policy is a computer policy hence it applies to any users who log on locally to the server. This causes a problem when we want to perform admin on the server - should we have to disable the policy each time we log on, or can we apply the policy to one user only (i.e. the user who will be logged on when terminal services is being run?). If possible, I don't wan't to implement NT4 domain based policies.
Hope this makes sense to someone out there?