Using Group Policy Editor

[usuallyconfused]

We have set up a new 2003 server to run terminal services with all remote users logging into a domain based on our old NT server. All in all, it is working very nicely now and I need to look at restricting users in what they can see and do.

I have found some Microsoft info on doing it, they all refer to using Active Directory to restrict sessions as the preferred method, but do say you can use the local policy editor if there is no Active Directory, as in our case.

I have never explored group policies and I am after some advice. Can anyone point to an idiots guide, or even give a simple example of how I go about it. I am assuming to create a new user group, which will have all authorised remote users added to it and this group will have various restrictions applied, such as not being able to access Control Panel etc. I can't quite get my head round where to start.

Thanks.

 

[tfg13]

I don't see how you can become confused (sarcasism). You are heading in the right direction though. On your 2003 server, look at your group policy of the machine (type in gpedit.msc at the run program box). Look around in there and you will find all sorts of goodies you can play with.

Here is a good link that tells you some of the nice things about group policy:

http://www.microsoft.com/windowsserver2003/techinfo/overview/gpintro.mspx

Also, get the Group Policy Management Console. Granted, it will only show your 2003 server but that's better than nothing.