
Locking down Terminal Services

Status
Not open for further replies.

brendaluv

Technical User
Dec 2, 2002
CA

I did the above and the shutdown button is still available when connecting to the box.

I have an OU called Terminal Services - inside you'll find the terminalservices group and the server object. The terminal services group has the domain users group under members and all users are part of the domain users group.

Logically the policy should apply to users logging on to the terminal server... but the shutdown button is still available and anyone can shut down the server.

I'm not sure what to do next...
 
Well... the policy finally kicked in and the users are no longer able to shut down the system.

Unfortunately this has also locked down the administrator account from being able to access the MMC console or the shutdown button.

I guess you win some and you lose some...

 
I am sure that you have found that group policy will apply to users and computers but not groups. What you would want to do is apply the policy to the server and then enable loopback processing to apply it to any user that logs onto the system.

If you do not want the policy to apply to an administrator or an administrator group you can set permissions for whom the group policy will apply in the security filtering of the group policy.
 

Above is a good thread that summarizes our situation.

I still cannot get the MMC to run when logging on with a Domain Admins account despite explicitly denying Apply Group Policy setting to the lockdown GPO.

As a workaround, on the RAS, I created a local account with admin rights, then connected to a remote session and logged on locally with that account and the MMC works.
 
You might want to run GP Results from the Group Policy Management Console with your domain admin and the terminal server as the variables. This will show you what policies are being applied and which are not and why.

If you don't have the Group Policy Management Console, get it. It is free from Microsoft.
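
The steps suggested in the replies above (loopback processing on the server, security filtering so administrators are not in scope, then a GP Results report), as an added PowerShell example that is not part of the original thread. It assumes the GroupPolicy module that ships with the Group Policy Management Console; the GPO name, group name, server name and account are hypothetical placeholders.

```powershell
# Added example: every name below is a hypothetical placeholder, not from the thread.
Import-Module GroupPolicy

$Gpo       = 'TS Lockdown'         # hypothetical lockdown GPO linked to the Terminal Services OU
$UserGroup = 'TS-Lockdown-Users'   # hypothetical group holding only the non-admin users to restrict
$Server    = 'TS01'                # hypothetical terminal server in that OU
$Admin     = 'EXAMPLE\admin1'      # hypothetical Domain Admins account to verify

# 1. Loopback processing is a computer-side setting: with it enabled, the GPO's
#    user settings apply to whoever logs on to computers in the OU.
#    UserPolicyMode: 1 = Merge, 2 = Replace.
Set-GPRegistryValue -Name $Gpo `
    -Key 'HKLM\Software\Policies\Microsoft\Windows\System' `
    -ValueName 'UserPolicyMode' -Type DWord -Value 2

# 2. Security filtering. Authenticated Users keeps Read but loses Apply, so the
#    GPO no longer applies to every account (administrators included).
Set-GPPermission -Name $Gpo -TargetName 'Authenticated Users' -TargetType Group `
    -PermissionLevel GpoRead -Replace

#    The server still needs Apply to pick up the loopback setting itself.
Set-GPPermission -Name $Gpo -TargetName 'Domain Computers' -TargetType Group `
    -PermissionLevel GpoApply

#    Only members of the restricted group receive the lockdown user settings.
#    Assumption: this group contains no administrator accounts. A group that
#    includes Domain Users would bring administrators back into scope.
Set-GPPermission -Name $Gpo -TargetName $UserGroup -TargetType Group `
    -PermissionLevel GpoApply

# 3. Review the resulting filter before anyone logs on.
Get-GPPermission -Name $Gpo -All |
    Select-Object @{ n = 'Trustee'; e = { $_.Trustee.Name } }, Permission

# 4. GP Results for the admin account on the terminal server. The account must
#    have logged on to that server at least once for a report to exist.
Get-GPResultantSetOfPolicy -User $Admin -Computer $Server `
    -ReportType Html -Path "$env:TEMP\rsop-$Server-admin.html"
```

In the report, the lockdown GPO should appear under the denied GPOs for the admin account with security filtering as the reason, and under the applied GPOs for a member of the restricted group.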
 