Windows

General discussion

Gravatar
Locked

user profiles in terminal session

By maddiuex ·
Hi
Need to know how to use a certain profile in windows 2000 terminal session, and another for the Local workstation.
1 Server 20 workstations.
1. App on certain everyone will use.
1. certain profile when logged into workstation.
breakdown. Really would like to limit the users on the terminal session, and I created a OU and edited the group policy. and sent the users to that policy. But when on workstation they get the same policy as terminal session>? Hope I satated that correctly

This conversation is currently closed to new comments.

8 total posts (Page 1 of 1)  
+ Follow this Discussion ·
| Thread display: Collapse - | Expand +

All Comments

gravatar
Collapse -

by Curacao_Dejavu In reply to user profiles in terminal ...

because you need to create 2 policies.
one for the terminal server and one for the local workstation.In the active directory users and computers, in the useraccount there are 2 tabs, profiles and Terminal services profiles.


Or create a local account on the workstation (or a general account on the domain, and let them use that account to login. And then in that account create a connection to TS and use the account and plociies that you have defined. In general unless the really need to access something on the workstation don't let them login into the workstation.

I am using the book: Windowes nt/2000 Thin client solutions: implementing terminal services and citrix metaframe: isbn1-57870-239-9.


Leopold

gravatar
Collapse -

by Curacao_Dejavu In reply to

but that's what the book and I are saying. (although I have never done this because we only allow access to the terminal server, not to the local pc or wyse terminal).
supposely you can create 2 users profiles, one for domain login and one terminal server login (see the tabs in active directory users and computers).

the other remark that I made is that each user 2 accounts (you can save the connection with password , so wont event notice that are 2 different accounts).
Of course depends of the size of the organization is solution may not be feasible.

on a side try to keep away from roaming profiles.
A profile will contain among other things all temporary files from IE ,and if they start saving items on the desktop there profile will start to grow and all of that traffic will go over you network.


we have been doing this since 1999 with the TSE for NT. the best solution was to keep fat clients to work only with pc's and thin clients with only TS.
in the rare case somebody needed both , we create 2 accounts for them. On for the local login and one for the thin session.

we might need to upgrade to w2k TS so thats how why I am reading that book, and gathering info.
the policies implementation seems better in w2k than on TSE for NT.


Anyway your case is different of course.

Leopold

gravatar
Collapse -

by maddiuex In reply to

Poster rated this answer.

gravatar
Collapse -

by ewgny In reply to user profiles in terminal ...

You can put the computer object for the Terminal server in the OU that you created, and put the users back in the OU that they were in
Create a loopback policy in the new OU. The looback policy will make the group policies apply to the computer object (Terminal Server)
instead of the user. Therefore the loopback policy will only apply to the users, when they log onto the Terminal Server.
Another thing you can do is to set up new user accounts Teminalserveruser01 , 02 etc. Put them in the OU you created. Now on the clients computer when you set up the TS client have the client automatically login with one of the new user accounts, The user won't even know they are logging on to the Terminal Server with a different account. This will allow you to have different policies for the user and the users TS session.

gravatar
Collapse -

by ewgny In reply to

This links may help
http://tinyurl.com/yaw6
Also you can configure the loopback group policy to not allow a roaming profile
Computer Configuration - system - Logon
- use only local profile. You can further lockdown the policy so the user can't change the local profile created on the TS.
Remember - you want the loopback policy to replace not merge with the policies that the user receives from the OU where the user account resides.

gravatar
Collapse -

by maddiuex In reply to

Poster rated this answer.

gravatar
Collapse -

by maddiuex In reply to user profiles in terminal ...

Sorry
I did not state what I needed correctly . we have users that will be on a roaming profile. Every user of course has to have their username and password to enter the application on the machine and terminal they log onto. I cannot set up one terminal session and have everyone log onto that user name. So I would like one set of profile plus security for the local workstation logged onto the network. and then another for the terminal session. On the local workstation , I want them have access to many desktop options. but when they are logged on to the server, I need them to log onto the application, Word, Excel, internet. But not anything else, except the cdrom. Hope this helps ????

gravatar
Collapse -

by maddiuex In reply to user profiles in terminal ...

This question was closed by the author

Back to Windows Forum
8 total posts (Page 1 of 1)  

Start or search

Related Forums