
Terminal Server and GPO!!

Status
Not open for further replies.

ErocEZE

IS-IT--Management
Oct 3, 2003
8
US
Hi, I have a Windows 2000 domain with a terminal server as a member server. I have an OU set up so that certain users (when connecting off site to the terminal server) have restricted access, like not being able to shut down the server, for example. This OU has a Group Policy on it and everything is working fine. Now, as time goes on, I am implementing more Windows XP boxes on site. (Windows 98 was used primarily and GPs did not affect it.)

Now let's say I have a user in the OU for restricted access when he comes in on the terminal server. Now when this user logs on "on site" (Windows XP), his computer is locked down, just like it would be if he were to log on to the terminal server from home. Is there any way to separate or override the AD settings when he logs on from a computer on site? He needs restricted access when off site but no restriction when on site. Most, if not all, settings in the GPO are under user configuration, just an FYI.
 
A remote access policy works through VPN and/or remote with PPTP or L2TP; I am talking about a remote connection to a terminal server, not a VPN server or RRAS server. Unless you are talking about a different type of remote access policy than I am thinking. The terminal server does not have RRAS installed, just terminal services.
 
You can vary GPOs for machines, users, and even groups in different ways.

If you want the policy to apply to the machine and whoever logs on, then apply that policy to the OU where the server is and check off to disable user settings if you want. You can do the same for users.

For terminal services, I apply some settings to everyone via the local security settings, such as who can shut down the machine.

You can create groups and grant or deny permissions to the GPO.

The best practice is to apply the same settings to all TS users, and adjust the admin permissions as needed. Apply those settings to the TS only, and have another policy for people that log onto a PC instead of a TS.

I use nearly the same settings in the GPO for TS and local users, and adjust the security settings via the local security policy, and copy them to each server.
 
Thank you much, now we are getting somewhere. But some TS users are also on-site users, and their computers are WinXP. If I put them in the TS users group it affects their local computer also, locking it down, and I don't want that. I guess this may not be possible.
 
Have the XP users log in using a different login name when they are using terminal services, like MJaffreyT instead of MJaffrey....
 