We are in the process of configuring a terminal services on MS Server 03 and I thought I would ask for some knowledgable input…
Do you think that applying local security policy to remove unwanted items (control panel, run, etc…) is the best approach? From what I’ve seen, this locks down admin access as well, which I really would like to have.
OR
Is applying through Active Directory GPOs is a better approach? This method however seems to be applying restrictions on all computers the user logs into – something we only want to do on the server.
All in all, I am looking for the balance between locking down the interface but still being able to admin the box as needed. Any ideas? Is anyone using a different method to secure terminal services?