terminal services administrative template / GPO

  • Thread starter Thread starter ericggordon
  • Start date Start date
E

ericggordon

seeking terminal services administrative templates ...

in particular: need to set permissions (for non-
administrator "administrators") under terminal services
configuration for TS running on domain controllers

Thanks in advance ...
 
Dear Eric,

Thank you for your posting.

To add/set permissions for user accounts, please follow the instructions
below:

Verify that the user has permission to initiate Remote Control.
Administrators, by default, can use Remote Control with other users'
sessions. Users do not have this right. To give specific rights for groups
other than Administrators:

1. Start the Terminal Services Configuration tool.
2. Double-click the connection you want to modify.
3. Click the Permissions tab.
4. Click Advanced, and then click Add.
5. Specify the user or group you want to add so the user or group can use
Remote Control.
6. After adding the user or group, the Permission Entry dialog box appears.
Click to select the Allow column for Remote Control.
7. Click OK.
8. Click OK, and then click OK.

For information about how to use Terminal Services for remote
administration of the Windows 2000 Server family, view the following
Microsoft Web site:

http://www.microsoft.com/windows2000/techinfo/administration/terminal/tsremo
te.asp

To allow older programs to run correctly under Terminal Services in Windows
2000, additional permissions are granted to Terminal Services users.

You can remove the additional permissions by using the Notssid.inf security
template in the %SystemRoot%\Security\Templates folder. After you apply the
Notssid.inf security template, the system has the same default permissions
as a standard Windows 2000-based server, but with Terminal Services
enabled. To apply this security template:

1. At a command prompt, type "cd /d %systemroot%\security\templates folder"
(without the quotation marks), and then press ENTER.

2. Type "secedit /configure /db notssid.sdb /cfg notssid.inf [/log
notssid.log]/verbose" (without the quotation marks), and then press ENTER.

For the detailed information, please refer to the following articles:

238965 Removing Additional Permissions Granted to Terminal Services Users
http://support.microsoft.com/?id=238965

232792 HOW TO: Use the Terminal Services Remote Control Feature
http://support.microsoft.com/?id=232792

Hope it helps.

Thanks and have a good day!

Regards,
Benny Fu
Product Support Services
Microsoft Corporation

This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
 
Back
Top