Locking down TS while preserving regular desktops...

By luciphercolors ·
Hello all,

I have a quick question: I am interested in locking down our dedicated Terminal Server for our users when they connect remotely. But if I make any changes in group policy outside of the Terminal Services group (e.g. "User Configuration\Start Menu and Taskbar"), the lockdown GPO applies (gimped Start menu, no Control Panel, etc) to both regular desktops *and* the Terminal Server.

If I put a GPO link just inside the OU with the TS, none of the user settings get applied even if I include the correct groups in the Scope tab. If I put the GPO link only the OU containing the users, they get full access to the Terminal Server per their Domain User permissions. If I link both the OU with the server, and the OU with the users, then I get the same effect that would happen if I only linked the users.

I'm still working on fully understanding just how GPO scope works, so any help would be appreciated. :-)



This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Share your knowledge

Related Discussions

Related Forums