Securing Win2000 Terminal servers w/ Group policies

Status
Not open for further replies.

scotts660r

IS-IT--Management
Jun 12, 2002
1
US
In a Windows 2000 AD domain structure, is there a way that we can use (1) domain user account and have group policies (remove My Computer icon, remove Network Neighborhood icon, hide local drives, etc.) enforced only when the user logs onto the Win2000 terminal server session and NOT when they use the same account to log onto their own Windows 2000 Pro. PC? Most of the policies that I want to enforce are found under the "user configuration", not the "computer configuration". We want to secure the terminal server sessions but we do not want to have to maintain (2) accounts for each person.
 
Can it be done using the same user account, with one login to the server and the other for login to the local machine?
 
Sorry, that is one account login to both domain and local machine.
 
I am having this same issue. We want to lock the users down when connecting to a TS, however, not affect them when they attach to say a data server running 2000. We use Citrix and I was looking at using all the tools built into it to lock them down. On our current standard, running on WinNT4.0, we use the policies to pretty much neuter them so they can't 'accidentally' do any harm to the servers. I tried using the WinNT policy package on Win2k, but I can't get the policies to be recognized. I was going to only allow published applications and publish a desktop with only Admins having the ability to log on to it, but the question asked above would be more helpful if someone has an answer.
Mike Brown CCA
 
I believe what you're asking to do is to use the Group Policy Loopback Processing Mode (GPLBPM). You can find it under Computer Configuration\Admin Templates\System\Group Policy.

Add your servers to an OU and enable the GPLBPM. This is supposed to direct anyone logging on to those servers to have the GP applied to them, and also to have the user configurations applied. I've tested it but it doesn't work for me. The only reason I can think why it doesn't is because I'm not in a totally Windows 2000 domain, I've still got 2 BDCs. According to Microsoft, you need to be totally 2000.

If you get it to work let me know.
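
The loopback behaviour mentioned in the reply above, as a simplified model added here (not part of the original thread and not Microsoft's implementation): the same account resolves to different User Configuration settings depending on which computer it logs on to. The OU names, GPO names and setting keys are constructed for illustration, and the model omits site and domain links, inheritance blocking and security filtering.

```python
from enum import Enum

class Loopback(Enum):
    OFF = 0      # normal processing: user settings follow the user's OU
    MERGE = 1    # user's GPOs first, then the computer's GPOs (computer wins)
    REPLACE = 2  # only user settings from GPOs scoped to the computer

# Constructed sample data: GPOs linked to each OU, "User Configuration" part only.
OU_GPOS = {
    "OU=Staff": [
        {"name": "Staff-Desktop",
         "user": {"wallpaper": "corp.bmp", "hide_local_drives": False}},
    ],
    "OU=TerminalServers": [
        {"name": "TS-Lockdown",
         "user": {"remove_my_computer_icon": True,
                  "remove_network_neighborhood_icon": True,
                  "hide_local_drives": True}},
    ],
    "OU=Workstations": [],
}

def user_settings_from(ou):
    """Combine the user settings of every GPO linked to one OU, in link order."""
    merged = {}
    for gpo in OU_GPOS.get(ou, []):
        merged.update(gpo["user"])
    return merged

def resolve_user_policy(user_ou, computer_ou, loopback):
    """Return the effective user settings for a logon at a given computer."""
    user_side = user_settings_from(user_ou)
    computer_side = user_settings_from(computer_ou)
    if loopback is Loopback.OFF:
        return user_side
    if loopback is Loopback.REPLACE:
        return computer_side
    # MERGE: settings scoped to the computer are applied last and win conflicts.
    return {**user_side, **computer_side}

if __name__ == "__main__":
    logons = [("own workstation", "OU=Workstations", Loopback.OFF),
              ("terminal server, replace", "OU=TerminalServers", Loopback.REPLACE),
              ("terminal server, merge", "OU=TerminalServers", Loopback.MERGE)]
    for label, computer_ou, mode in logons:
        print(label, resolve_user_policy("OU=Staff", computer_ou, mode))
```

In Replace mode the lockdown applies on the terminal servers without touching what the same account receives on its own PC, which is the single-account outcome the original question asks for.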
 