Limited Desktop Policy for specific users/groups to specific serve

Discussion in 'Active Directory' started by Kuiggie, Apr 1, 2005.

  1. Kuiggie

    Kuiggie Guest

    How do I use GPO to set limited desktop user policies for certain
    users/groups to only select servers (e.g. Terminal Servers)?

    I am trying to set a "limited desktop" policy for Terminal Servers for only
    a select few users/groups. But I do not want this "Limited desktop" policy to
    be applied when the select users/groups log onto their local machine.
     
    Kuiggie, Apr 1, 2005
    #1

  2. Hello Kuiggie,

    Look at the Loopback mode for GPOs. You can set Loopback within the
    GPOs, and it will tell the computer to use the user-specific parts of
    the GPOs which apply to the computer object. You can select if those
    should merge or replace the settings of the GPOs applying to the
    user-object.

    Remember that usually the User-specific part of the GPO applying to the
    computer-object is never being used, as is the computer-specific part
    of a GPO applying to the computer object. But Loopback-mode was
    designed especially for the reason you mentioned: Terminal Services or
    kiosk machines which you want as locked down as possible no matter what
    user logs on.

    Look at the following KBs (and search for GPO + Loopback for more
    stuff):

    231287 Loopback Processing of Group Policy
    http://support.microsoft.com?id=231287

    278295 How to lock down a Windows Server 2003 or Windows 2000 Terminal
    Server session
    http://support.microsoft.com?id=278295

    --
    Gruesse - Sincerely,

    Ulf B. Simon-Weidner

    MVP-Book "Windows XP - Die Expertentipps": http://tinyurl.com/44zcz
    Weblog: http://msmvps.org/UlfBSimonWeidner
    WebSite: http://www.windowsserverfaq.org
     
    Ulf B. Simon-Weidner [MVP], Apr 1, 2005
    #2

  3. Kuiggie

    Kuiggie Guest

    That's exactly what I was looking for. Thank you! However, is there a way to
    exclude administrators from also being applied the User Policy for these
    Loopbacked servers?

    Thanks for your help in advance.

    Kuiggie
     
    Kuiggie, Apr 1, 2005
    #3
  4. Todd J Heron

    Todd J Heron Guest

    Put the administrators into a security group, put that group into the TS OU,
    and uncheck the box "Apply Group Policy".
     
    Todd J Heron, Apr 2, 2005
    #4
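
An added example, not part of any post in this thread: one way to script the setup discussed above with the GroupPolicy PowerShell module, enabling loopback on the Terminal Server OU and using security filtering so the lockdown GPO reaches only the limited users. It filters by inclusion (only a named group may apply the GPO) rather than by unchecking the right for an administrators group; the OU path, GPO names and group name are hypothetical placeholders.

```powershell
# Added example. Every name below is a hypothetical placeholder.
Import-Module GroupPolicy

$tsOu        = 'OU=Terminal Servers,DC=example,DC=com'  # OU holding the TS computer objects
$loopbackGpo = 'TS - Enable Loopback'                    # computer-side GPO
$lockdownGpo = 'TS - Limited Desktop'                    # user-side GPO
$limitedGrp  = 'TS-Limited-Users'                        # users who get the limited desktop
$mode        = 2                                         # UserPolicyMode: 1 = Merge, 2 = Replace

# 1. Computer-side GPO: enable loopback processing on every server in the OU.
New-GPO -Name $loopbackGpo | Out-Null
Set-GPRegistryValue -Name $loopbackGpo `
    -Key 'HKLM\Software\Policies\Microsoft\Windows\System' `
    -ValueName 'UserPolicyMode' -Type DWord -Value $mode | Out-Null
New-GPLink -Name $loopbackGpo -Target $tsOu | Out-Null

# 2. User-side GPO: linked to the *computer* OU. Loopback is what makes its
#    User Configuration apply to whoever logs on to these servers.
#    Fill in the actual lockdown settings in the Group Policy editor.
New-GPO -Name $lockdownGpo | Out-Null
New-GPLink -Name $lockdownGpo -Target $tsOu | Out-Null

# 3. Security filtering on the lockdown GPO:
#    - lower Authenticated Users from Apply to Read (Read is kept so computer
#      and user accounts can still read the GPO during processing)
#    - grant Apply only to the limited-desktop group
#    Administrators who are not members of that group never receive the lockdown.
Set-GPPermission -Name $lockdownGpo -TargetName 'Authenticated Users' `
    -TargetType Group -PermissionLevel GpoRead -Replace | Out-Null
Set-GPPermission -Name $lockdownGpo -TargetName $limitedGrp `
    -TargetType Group -PermissionLevel GpoApply | Out-Null

# 4. Verify: the loopback value is set and only the intended group can apply the lockdown.
Get-GPRegistryValue -Name $loopbackGpo `
    -Key 'HKLM\Software\Policies\Microsoft\Windows\System' -ValueName 'UserPolicyMode'
Get-GPPermission -Name $lockdownGpo -All |
    Where-Object { $_.Permission -eq 'GpoApply' } |
    Select-Object Trustee, Permission
```

After the next policy refresh, `gpresult /r` run inside a Terminal Server session as a limited user and as an administrator shows whether the lockdown GPO was applied or filtered out for each.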
  5. Kuiggie

    Kuiggie Guest

    Todd, once again, exactly what I was looking for. Thanks, it worked great!
     
    Kuiggie, Apr 5, 2005
    #5