lock down Terminal server

[qq]

Hi All,

I have a Terminal server. I have a domain controller in anohter computer. I
setup users as domain users by using Active Directory. For allowing user
access the TS, I setup a group - TS group and setup local computer policy to
allow the group access the computer from the network.

By now, I am using Start program at logon to run an application when I setup
user Properties. So, when user Remote login TS, then, directly start the
application.

Becasue I have install one more applications in TS, and users will use three
applications when they login to TS. I want to lock down everything in TS
except put these three application icons on desktop. So, when users login TS,
just see three application icons on the desktop, and run them.

Can anybody help me out? Thanks a lot.

--qq

 

[Geanina[MSFT]]

Hi!

You can use a combination of group policies to lock down a server:
gpedit.msc\User Config\Administrative Templates\Desktop, Start Menu etc.

What vesrion of OS are you running? We have other options avaolable with
Windows 2008 - RemoteApp publishing.

Thanks,
Geanina

"qq" wrote:

> Hi All,
>
> I have a Terminal server. I have a domain controller in anohter computer. I
> setup users as domain users by using Active Directory. For allowing user
> access the TS, I setup a group - TS group and setup local computer policy to
> allow the group access the computer from the network.
>
> By now, I am using Start program at logon to run an application when I setup
> user Properties. So, when user Remote login TS, then, directly start the
> application.
>
> Becasue I have install one more applications in TS, and users will use three
> applications when they login to TS. I want to lock down everything in TS
> except put these three application icons on desktop. So, when users login TS,
> just see three application icons on the desktop, and run them.
>
> Can anybody help me out? Thanks a lot.
>
> --qq

 

[qq]

Hi, thank you so much for your help.

You means that I should create a OU, then, create a Group Policy for the
OU, then, add the users to the OU. right?

The question is that if I do this, when the user login to anohter computer
or servers except TS, the user will still have the limit access to these
computers, right? I don't want to do it. I would like just limit access TS.
For another computers, I donot want to limit the users access them.

My TS OS is Windows 2003

Any idea? Do you have a step guide for me? thanks a lot.

--qq
"Geanina[MSFT]" wrote:

> Hi!
>
> You can use a combination of group policies to lock down a server:
> gpedit.mscUser ConfigAdministrative TemplatesDesktop, Start Menu etc.
>
> What vesrion of OS are you running? We have other options avaolable with
> Windows 2008 - RemoteApp publishing.
>
> Thanks,
> Geanina
>
> "qq" wrote:
>
> > Hi All,
> >
> > I have a Terminal server. I have a domain controller in anohter computer. I
> > setup users as domain users by using Active Directory. For allowing user
> > access the TS, I setup a group - TS group and setup local computer policy to
> > allow the group access the computer from the network.
> >
> > By now, I am using Start program at logon to run an application when I setup
> > user Properties. So, when user Remote login TS, then, directly start the
> > application.
> >
> > Becasue I have install one more applications in TS, and users will use three
> > applications when they login to TS. I want to lock down everything in TS
> > except put these three application icons on desktop. So, when users login TS,
> > just see three application icons on the desktop, and run them.
> >
> > Can anybody help me out? Thanks a lot.
> >
> > --qq

 

[Ralph]

Create a "TS lockdown" OU to place the TS into, rather than the users.
That's how I do it and it has worked fine for years. Admin users will not be
affected by the OU policy that is being applied to the TS, only non-admin
users will be affected and only when they login to computers that reside
within the OU that you create.


"qq" wrote:

> Hi, thank you so much for your help.
>
> You means that I should create a OU, then, create a Group Policy for the
> OU, then, add the users to the OU. right?
>
> The question is that if I do this, when the user login to anohter computer
> or servers except TS, the user will still have the limit access to these
> computers, right? I don't want to do it. I would like just limit access TS.
> For another computers, I donot want to limit the users access them.
>
> My TS OS is Windows 2003
>
> Any idea? Do you have a step guide for me? thanks a lot.
>
> --qq
> "Geanina[MSFT]" wrote:
>
> > Hi!
> >
> > You can use a combination of group policies to lock down a server:
> > gpedit.mscUser ConfigAdministrative TemplatesDesktop, Start Menu etc.
> >
> > What vesrion of OS are you running? We have other options avaolable with
> > Windows 2008 - RemoteApp publishing.
> >
> > Thanks,
> > Geanina
> >
> > "qq" wrote:
> >
> > > Hi All,
> > >
> > > I have a Terminal server. I have a domain controller in anohter computer. I
> > > setup users as domain users by using Active Directory. For allowing user
> > > access the TS, I setup a group - TS group and setup local computer policy to
> > > allow the group access the computer from the network.
> > >
> > > By now, I am using Start program at logon to run an application when I setup
> > > user Properties. So, when user Remote login TS, then, directly start the
> > > application.
> > >
> > > Becasue I have install one more applications in TS, and users will use three
> > > applications when they login to TS. I want to lock down everything in TS
> > > except put these three application icons on desktop. So, when users login TS,
> > > just see three application icons on the desktop, and run them.
> > >
> > > Can anybody help me out? Thanks a lot.
> > >
> > > --qq