Securing TS environment

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I have users with thin clients connecting to a terminal server. I would like
to restrict some of the users to not be able to see the following:
-control panel, network neighborhood,Run buttons, drive letters etc.. There
are some users that like to "Play" and I would like to only allow these
particular users to have access to the applications that I have on their
desktops. How do I go about doing this? I don't want to restrict all users,
just a few.

Thanks
 
1. Create a security group called "Restricted Users" (or something
to your liking; this is not a preserved name)
2. Define a restrictive GPO, link it to the OU that contains your
Terminal Server, use "loopback processing" of the GPO with the
"Replace" option.
3. Edit the Security settings of the GPO, add the Terminal Server
computer account and the user group "Restricted Users" to the list
and give them "Read" and "Apply this GPO" rights. Make sure that
Administrators have "Deny" for "Apply this GPO" and remove
"Authenticated users" from the list

231287 - Loopback Processing of Group Policy
http://support.microsoft.com/?kbid=231287

816100 - How To Prevent Domain Group Policies from Applying to
Administrator Accounts and Selected Users in Windows Server 2003
http://support.microsoft.com/?kbid=816100

--
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
http://hem.fyristorg.com/vera/IT
--- please respond in newsgroup, NOT by private email ---

=?Utf-8?B?c3RvY2tjYXJzcnVz?=
 
Thanks Vera,

I do not however know where to do step 1 and step 2 and I guess 3 then. I
would need some detailed instructions if possible. I assume that this is
done on the domain controller, Active Directory Users and Computers... but
not sure.

Thanks
 
Yes, assuming you have an AD domain, create the security group for
restricted users in the AD. And that's also where you define GPOs.
You might want to do some reading on Group Policies, explaining
the ins and outs of GPOs is beyond the scope of this newsgroup.
And the articles I referenced contain already quite detailed info.

--
Vera Noest
MCSE,CCEA, Microsoft MVP - Terminal Server
http://hem.fyristorg.com/vera/IT
*----------- Please reply in newsgroup -------------*

=?Utf-8?B?c3RvY2tjYXJzcnVz?=
 
Back
Top