Hello,
I've been trying to find information for some time now on how to handle user accounts for people that sometimes log on to a Windows 2000 domain on their "office" desktop computers with XP Pro, then sometimes go on the road with a laptop computer and tie in to our network via Terminal Services (remote desktop connection). The Terminal Services environment is very locked down for these users so they can't do things like shut the server off, gain access to the My Computer Icon, Recycle Bin, etc....
The specific trouble I'm having setting up these accounts is if I make a special Organizational Unit for these users with all the restrictions in place for the Terminal Services connection via laptop computer, then these restrictions also affect their environment when they are logging on to the domain directly from their desktop PCs. Obviously, I don't want that to happen!
To work around this, I've had to create second logins for these people (e.g. george and george2), but this has gotten really tricky with Outlook 2000 E-mail set up for an Exchange 2000 server as I have the secondary login pointing to view the mail of the first login. It "works" and E-mail can be viewed, but when I try to reply or forward an E-mail, I get an error that says I do not have permission to send on behalf of the user. I already have the secondary user set up as a delegate with full permissions for the primary user account. I can send new E-mails no problem--just can't reply.
I tried specifying Organizational Unit restrictions based on the computer the person is logging on to, but those restrictions aren't taking effect....
Hopefully this all makes sense to someone, as I've been struggling with it for many months.
Thanks,
ShawnF