1. Welcome Guest! In order to create a new topic or reply to an existing one, you must register first. It is easy and free. Click here to sign up now!.
    Dismiss Notice

lock down Terminal server

Discussion in 'Windows Home Server' started by qq, Sep 1, 2009.

  1. qq

    qq Guest

    Hi All,

    I have a Terminal server. I have a domain controller in anohter computer. I
    setup users as domain users by using Active Directory. For allowing user
    access the TS, I setup a group - TS group and setup local computer policy to
    allow the group access the computer from the network.

    By now, I am using Start program at logon to run an application when I setup
    user Properties. So, when user Remote login TS, then, directly start the
    application.

    Becasue I have install one more applications in TS, and users will use three
    applications when they login to TS. I want to lock down everything in TS
    except put these three application icons on desktop. So, when users login TS,
    just see three application icons on the desktop, and run them.

    Can anybody help me out? Thanks a lot.

    --qq
     
    qq, Sep 1, 2009
    #1
  3. Geanina[MSFT]

    Geanina[MSFT] Guest

    Hi!

    You can use a combination of group policies to lock down a server:
    gpedit.msc\User Config\Administrative Templates\Desktop, Start Menu etc.

    What vesrion of OS are you running? We have other options avaolable with
    Windows 2008 - RemoteApp publishing.

    Thanks,
    Geanina

    "qq" wrote:
    <!--coloro:blue--><span style="color:blue <!--/coloro-->
    > Hi All,
    >
    > I have a Terminal server. I have a domain controller in anohter computer. I
    > setup users as domain users by using Active Directory. For allowing user
    > access the TS, I setup a group - TS group and setup local computer policy to
    > allow the group access the computer from the network.
    >
    > By now, I am using Start program at logon to run an application when I setup
    > user Properties. So, when user Remote login TS, then, directly start the
    > application.
    >
    > Becasue I have install one more applications in TS, and users will use three
    > applications when they login to TS. I want to lock down everything in TS
    > except put these three application icons on desktop. So, when users login TS,
    > just see three application icons on the desktop, and run them.
    >
    > Can anybody help me out? Thanks a lot.
    >
    > --qq<!--colorc--><!--/colorc-->
     
    Geanina[MSFT], Sep 5, 2009
    #2
  4. qq

    qq Guest

    Hi, thank you so much for your help.

    You means that I should create a OU, then, create a Group Policy for the
    OU, then, add the users to the OU. right?

    The question is that if I do this, when the user login to anohter computer
    or servers except TS, the user will still have the limit access to these
    computers, right? I don't want to do it. I would like just limit access TS.
    For another computers, I donot want to limit the users access them.

    My TS OS is Windows 2003

    Any idea? Do you have a step guide for me? thanks a lot.

    --qq
    "Geanina[MSFT]" wrote:
    <!--coloro:blue--><span style="color:blue <!--/coloro-->
    > Hi!
    >
    > You can use a combination of group policies to lock down a server:
    > gpedit.mscUser ConfigAdministrative TemplatesDesktop, Start Menu etc.
    >
    > What vesrion of OS are you running? We have other options avaolable with
    > Windows 2008 - RemoteApp publishing.
    >
    > Thanks,
    > Geanina
    >
    > "qq" wrote:
    > <!--coloro:green--><span style="color:green <!--/coloro-->
    > > Hi All,
    > >
    > > I have a Terminal server. I have a domain controller in anohter computer. I
    > > setup users as domain users by using Active Directory. For allowing user
    > > access the TS, I setup a group - TS group and setup local computer policy to
    > > allow the group access the computer from the network.
    > >
    > > By now, I am using Start program at logon to run an application when I setup
    > > user Properties. So, when user Remote login TS, then, directly start the
    > > application.
    > >
    > > Becasue I have install one more applications in TS, and users will use three
    > > applications when they login to TS. I want to lock down everything in TS
    > > except put these three application icons on desktop. So, when users login TS,
    > > just see three application icons on the desktop, and run them.
    > >
    > > Can anybody help me out? Thanks a lot.
    > >
    > > --qq<!--colorc--><!--/colorc--><!--colorc--><!--/colorc-->
     
    qq, Sep 8, 2009
    #3
  5. Ralph

    Ralph Guest

    Create a "TS lockdown" OU to place the TS into, rather than the users.
    That's how I do it and it has worked fine for years. Admin users will not be
    affected by the OU policy that is being applied to the TS, only non-admin
    users will be affected and only when they login to computers that reside
    within the OU that you create.


    "qq" wrote:
    <!--coloro:blue--><span style="color:blue <!--/coloro-->
    > Hi, thank you so much for your help.
    >
    > You means that I should create a OU, then, create a Group Policy for the
    > OU, then, add the users to the OU. right?
    >
    > The question is that if I do this, when the user login to anohter computer
    > or servers except TS, the user will still have the limit access to these
    > computers, right? I don't want to do it. I would like just limit access TS.
    > For another computers, I donot want to limit the users access them.
    >
    > My TS OS is Windows 2003
    >
    > Any idea? Do you have a step guide for me? thanks a lot.
    >
    > --qq
    > "Geanina[MSFT]" wrote:
    > <!--coloro:green--><span style="color:green <!--/coloro-->
    > > Hi!
    > >
    > > You can use a combination of group policies to lock down a server:
    > > gpedit.mscUser ConfigAdministrative TemplatesDesktop, Start Menu etc.
    > >
    > > What vesrion of OS are you running? We have other options avaolable with
    > > Windows 2008 - RemoteApp publishing.
    > >
    > > Thanks,
    > > Geanina
    > >
    > > "qq" wrote:
    > > <!--coloro:darkred--><span style="color:darkred <!--/coloro-->
    > > > Hi All,
    > > >
    > > > I have a Terminal server. I have a domain controller in anohter computer. I
    > > > setup users as domain users by using Active Directory. For allowing user
    > > > access the TS, I setup a group - TS group and setup local computer policy to
    > > > allow the group access the computer from the network.
    > > >
    > > > By now, I am using Start program at logon to run an application when I setup
    > > > user Properties. So, when user Remote login TS, then, directly start the
    > > > application.
    > > >
    > > > Becasue I have install one more applications in TS, and users will use three
    > > > applications when they login to TS. I want to lock down everything in TS
    > > > except put these three application icons on desktop. So, when users login TS,
    > > > just see three application icons on the desktop, and run them.
    > > >
    > > > Can anybody help me out? Thanks a lot.
    > > >
    > > > --qq<!--colorc--><!--/colorc--><!--colorc--><!--/colorc--><!--colorc--><!--/colorc-->
     
    Ralph, Sep 16, 2009
    #4

Share This Page