Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

2000 Group Policy

Status
Not open for further replies.
Cojast

Cojast

Technical User
Jul 20, 2005
39
US
I have a situation that i was wondering about.

When my sales guy is in the office i need him to access everything local but when he is out and does a terminal session i need him to be locked down so he can only access two programs and nothing else.

Otherwords i need two be able to create a policy for local and remote but for the same user.
 
Sort by date Sort by votes
When you say terminal session, I am assuming you use RDP to a terminal server session?
If so, look in AD Users and Computers. There are seperate tabs for local profile paths and terminal services profile paths. Perhaps you can utilize that to accomplish what you need to do.
 
Upvote 0 Downvote
Thanks for the idea but it isnt a profile problem. When they logon locally they need access to the internet control panel and everything on their computer. When they logon remote using RDP i only want access to two (accounting, sales) programs, no control panel no start menu nothing else
 
Upvote 0 Downvote
I don't think you need a user policy.
When the users logs in remotely their sessions come from the server, correct? Create a Computer policy (GPO) that is applied to the server with the settings you desire.

The thing I am not clear on is when the user is in the office he needs to access everything locally? Do you mean his workstation, if so this should work as the GPO would be applied to the server not his local computer.

 
Upvote 0 Downvote
I will try that in the mean time...

Joe comes to work plugs his laptop into the network and logs on to nobody.com as user joe. He can click on the start menu and the control panel and can access the shares on the nework that he has rights too, including his sales and accounting program.

Joe then shutsdown his laptop and takes it with him on a out of state sales call. When he gets there and hooks backup to the internet he does a RDP session back to the terminal server (nobody.com) as user Joe. This is where he needs to be locked down so he can not access the anything or even better make it so only the shutdown shows up and the sales and accounting programs show up on the desktop nothing else. I do not want him to be able to change any kind of settings on the terminal session.

Hope this helps.
 
Upvote 0 Downvote
ok... So then as stated above you would create a policy on the server with the settings you are talking about. The RDP Session is just sending him screen shots of the server desktop in which he connected to via Terminal Services. So it is the server desktop you want to lockdown. You will also want to create an Admin Policy so that if you log into the server using RDP, you wont be locked down.

Make sense???
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

rrmcguire
  • Locked
  • Question
group policy to set dns
Replies
2
Views
149
rrmcguire
rrmcguire
phil3000
  • Locked
  • Question
Screensaver Via Group Policy
Replies
1
Views
110
markdmac
markdmac
cabraun
  • Locked
  • Question
Group Policy Question (Set System Variable)
Replies
2
Views
85
markdmac
markdmac
usrinu
  • Locked
  • Question
applied wallpaper group policy
Replies
1
Views
78
SamBones
SamBones
RdFromK
  • Locked
  • Question
GroupPolicy error 1065 with Windows SBS CSE Policy
Replies
2
Views
160
RdFromK
RdFromK

Part and Inventory Search

Sponsor

Back
Top