Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations MikeeOK on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Terminal Server, Active Directory & Group Policy Object

Status
Not open for further replies.
jakatz

jakatz

IS-IT--Management
Feb 11, 2005
131
US
We have an office of diverse users. Some users log into Active Directory and have a GPO applied to their login (of course on their local machine.) Other users, login to Active Directory from their workstation, get the script and GPO as defined (same scenario as above), but they may futher go on to login to a Terminal Server session to run some applications. Although when the user logs into their Terminal Server session, and they DO get their "mappings," their GPO is NOT carried into the Terminal Server session (to avoid them from having internet access, etc.) Note, that one user might be allowed internet access (in general), while another user should be denied access.

Is there a way to put their individually / OU assigned GPO into effect from within the Terminal Server session? Or, as I beleive, is it NOT possible to apply a GPO to individual users in a Terminal Server session as the policy would have to be applied to ALL active user sessions in the Terminal Server? Or, lastly, is there a different way to deny individuals access to certain appplications (i.e. Internet Explorer, etc.), while they are in a Terminal Server session?
 
Sort by date Sort by votes
You need to do some more reading on GPO placement.

If you move your GPOs to the domain level you will get them to flow downward to any users/computers. You can set individual apply/deny rights to a GPO as well by editing the GPO security.

You can configure a fake proxy for users to block Internet access in IE while still allowing intranet access.

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at
 
Upvote 0 Downvote
Or, as I beleive, is it NOT possible to apply a GPO to individual users in a Terminal Server session as the policy would have to be applied to ALL active user sessions in the Terminal Server?
Click to expand...

We are in a complete terminal server environment and 2 different users on the same terminal server can have completeley different GPO's applied. I agree with Mark, it is probably where the GPO's are placed. They should be able to also be applied to their terminal server sessions.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Aquiles Vidal
  • Locked
  • Question
Web Browsers in Windows Server or Terminal Server
Replies
0
Views
839
Aquiles Vidal
Aquiles Vidal
MaioMaio
  • Locked
  • Question
Server Remote Desktop License
Replies
0
Views
646
MaioMaio
MaioMaio
julis2103
  • Locked
  • Question
Active Directory
Replies
0
Views
285
julis2103
julis2103
DTGMI
  • Locked
  • Question
WIN 10 Pro PC & Adding back to our Network
Replies
0
Views
730
DTGMI
DTGMI
goombawaho
  • Locked
  • Question
Microsoft Azure Active Directory - Backup Admin Account 1
Replies
2
Views
1K
goombawaho
goombawaho

Part and Inventory Search

Sponsor

Back
Top