Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Removing Shutdown in Terminal Sessions 1

Status
Not open for further replies.
Capsella

Capsella

MIS
Mar 20, 2003
11
0
0
CA
Hi,

I am running a Windows 2000 AD domain where a member 2003 advanced server provide terminal services. I want to prevent the terminal users to shutdown the 2003 server from their terminal sessions.

The TS are used on 2000Pro workstations authenticated in the 2000 AD and that includes the users used to log into win2000Pro. The terminal sessions are started on these workstations using the same user which is also part of a TS group I created that allows them to open terminal sessions on the 2003 server.

In order to block these users from shutting down the whole TS environment, I followed the instructions on Microsoft website at:


In the group policy snap-in, I created another OU called Terminal Sessions into where I moved the users that were normally under USERS underneath the domain.

I then started to modify the policy that I created and that should only apply to that new OU. The problem is that everyone in the domain will get their shutdown button removed, except for the terminal sessions which keep their button!!

I played with inheritance settings thinking that I could block any changes outside of the default domain controller policy, but to no avail!

There is something I am missing and I would dearly appreciate some help.

Thanks a lot
 
Sort by date Sort by votes
Why not have this group you created in the users group on the terminal services? Only people that can shut down terminal services are the administrators....
 
Upvote 0 Downvote
Hi,

Thanks for your reply.

I am not sure I understand you. I should have the terminal users made part of the member server user group and apply the policies to that local group?

Isn't there a way to do it in active directory?

Thanks!
 
Upvote 0 Downvote
This is an easy fix. From my understanding of your posts so far, you have already created an AD group that has all of the users that you need to be able to connect to the server. Are these users in the "allow shutdown from a remote system" in Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment? If they are, remove that entry, and leave administrators (you'll want to keep that in case you want to reboot the server remotely). If there is only the administrators in that group, start looking at the local groups you have set, such as the administrators group. Is the "Terminal Server users (that you assigned in AD)" included as administrators?
 
Upvote 0 Downvote
Hi again,

Your solution works! Thank you so much! I was not looking at the right place.

In 2003 though, the wording is a little different.

Thanks!
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Aquiles Vidal
  • Locked
  • Question
Web Browsers in Windows Server or Terminal Server
Replies
0
Views
119
Aquiles Vidal
Aquiles Vidal
ravalos
  • Question
Problem with PDFs in IIS
Replies
1
Views
246
gbaughma
gbaughma
nukeinfer
  • Locked
  • Question
Internet restrictions for isolated PCs in the Network
Replies
1
Views
93
mangentle
mangentle
DrB0b
  • Locked
  • Question
Terminal Server issues doing anything network related after RDPing into
Replies
3
Views
74
DrB0b
DrB0b
antonio_dsanchez
  • Locked
  • Question
post-installation WSUS windows server 2016
Replies
0
Views
101
antonio_dsanchez
antonio_dsanchez

Part and Inventory Search

Sponsor

Back
Top