Active Directory and Terminal Server

[bfriedman1]

I do most work on Unix/Linux boxes, but I fill in as a Windows admin from time to time. A client has asked me to set up something that I did with win2000 server a long time ago, but I am having trouble getting this set up on Windows 2003 SP2 - using a domain controller and active directory to restrict terminal server users on a domain computer. I have read many things online, including the guides on ms's site. Something just isn't working in my setup, specifically - determining how to properly set up the "terminal server specific profile" on the non-pdc machine.

I searched this site's forums, but didn't see anything directed to terminal server and active directory specifically.

The intent is to restrict users via group policy that will be reaching a terminal server from external (global) sub-nets.

Thanks,

Brent Friedman

 

[markdmac]

You can specify a TS profile in AD Users & Computers on the Terminal Server tab. To apply GPOs to the Terminal Servers, move the servers to their own OU and apply your policies to the OU. If you need to lock down the users and not the computer, then you will want to use Loopback processing on the GPO.



I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at

http://www.thespidersparlor.com/vbscript

Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.