Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!
  • Students Click Here

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here


Question about security policy

Question about security policy

Question about security policy

I have users accessing terminal server remotely, and would like to be able to restrict what they can access during their session.  Every user appears to have full control of the system during their session.
I have tried creating a Restricted Users group, then adding a member, then going to C: properties, then to security tab, and un-checking everything.  Then I went to just the folders I want them to access and set permissions on them.  Once I logged on as the user in the Restricted Users group, they still had access to everything.

What can I do?

RE: Question about security policy

How to apply Group Policy objects to Terminal Services servers


Great knowledge can be obtained by mastering the Google algorithm.

RE: Question about security policy

I figured it out.  I basically did everything I already did, but chose deny for list directory contents on C:, then on folders I want the group to access, I unchecked inherit permissions, and set the to modify.

Now one more question, since I cannot create additional containers in AD, is it OK to use a OU?  I want to move my groups out of the users container into their own container.


RE: Question about security policy

Groups should have their own OU..you will be fine.  I break mine in to seperate OU's (security and DL) Get granular with your AD structure...it really helps in GPO's and finding stuff :)

Great knowledge can be obtained by mastering the Google algorithm.

RE: Question about security policy

We have seperate OU's for security groups and distribution groups.  The security groups has two sub OU's, one for resource groups, one for user roles.  On the file systems, we apply ntfs permissions to the resource groups (domain local groups).  In AD, we add roll groups (domain groups) as members of the resource groups.  When someone gets hired, all we have to do is grant them a role membership.  Our resource group names reflect the locations where permissions are applied i.e. rsc_server_share_folder_sub-[f,r,w,m] (full,read,write,modify).  The role names reflect the user roles i.e. rol_accounts_receivable.

Start, Help.  You'll be surprised what's there.  A+/MCP/MCSE/MCDBA

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members!

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close