lock down TS users

  • Thread starter Thread starter Young
  • Start date Start date
Y

Young

What's the best way to lock down Terminal Server users. I created Group
Policy and moved Terminal Server in to that OU and it locked everybody out
including Administrator.
Is there way to exclude Administrator? Locking by user account is not an
option. I only want to setup Group Policy on Terminal session.

Any idea would appreciated

Thanks,
 
You should do two things:

* apply "loopback processing" of the GPO to avoid locking down
desktops as well
* give Administrators "Deny" on the right to "Apply this policy",
but "Allow" on the Read and Write rights. This ensures that
Administrators will not be locked down by the GPO, but they can
still modify it.

260370 - How to Apply Group Policy Objects to Terminal Services
Servers
http://support.microsoft.com/?kbid=260370

231287 - Loopback Processing of Group Policy
http://support.microsoft.com/?kbid=231287
 
Back
Top