Announcement

Collapse
No announcement yet.

Restricted access to Terminal Services

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Restricted access to Terminal Services

    Hello,

    I'm trying to set up a terminal server for some users. They need to access MS Office, IE and one other applications. They need to access a network drive and printers too.
    I'm using Win2003 TS in a Win2003 Domain.

    But anyway i don't want them to to anything trough configuraiton panel and other menu.

    I set up a loopback GPO working pretty well. But I don't know every parameter to set via this GPO.

    - It seems I set up too muych restriction as loading Microsoft Word ends up once I clic any Menu.
    - They can still add/remove icon to the Quick Launch Bar.
    - I remove right clicking the desktop and other things... but I can't manage to make icon appear on it.

    As there is many parameters I don't know if someone can help, but if it's possible to download somewhere a GPO configuration that would set up directly a TS Application Server, it would be perfect.

    I didn't found this anywhere...

    Thank you for any help... and excuse my english

  • #2
    Re: Restricted access to Terminal Services

    I don't know of any ready-to use-GPO-template for TS. As a matter of fact, it is pretty hard to achieve, since your needs are not as mine or someone else. In fact, the template is the empty GPO itself, that you should start build according to your needs.
    I think that it will be best for you to give us a list of things you want to allow and the ones you want to prevent your users from doing and we'll try to help. And I think you should start with a blank new GPO, it will be easuer than trying to debug the already existing one.

    Sorin Solomon

    »»»»»
    In order to succeed, your desire for success should be greater than your fear of failure.
    -
    «««««

    Comment


    • #3
      Re: Restricted access to Terminal Services

      Originally posted by sorinso View Post
      And I think you should start with a blank new GPO, it will be easuer than trying to debug the already existing one.
      I guess you're right on this one

      Want i want to do :

      - Users can't do anything on the TS but use Office, IE and an other finance application.
      - I want to restrict as much as possible so they won't be able to modify anything on this server : no wallpaper, no use of other application, no control panel etc...

      Basicaly that's it.

      I don't really know how precise I should be.

      I found this pretty interesting document : http://www.microsoft.com/downloads/d...DisplayLang=en
      Last edited by Koybe; 16th December 2006, 17:51.

      Comment


      • #4
        Re: Restricted access to Terminal Services

        WOW!! Tough one...
        You have a lot of things to close down. The best thing you can do is start going through the GPO and start closing whatever you need.
        - Users can't do anything on the TS but use Office, IE and an other finance application.
        can be easily achieved using Software Restriction Policy (see softpols.jpg). Restrict anything else but what you need.
        I want to restrict as much as possible so they won't be able to modify anything on this server : no wallpaper
        see wallpaper.jpg
        no control panel
        see cpanel.jpg
        I tried to give you the GPO I use for my TS users, but the HTM file is both too big and not allowed to be uploaded. And this, only to be you as a guide. There's no better way but to go through the configurations (as I already said), because this way you will know what is where, if you'll need to change anything.
        Hope this helped.
        Good luck.
        Last edited by sorinso; 9th November 2007, 21:09.

        Sorin Solomon

        »»»»»
        In order to succeed, your desire for success should be greater than your fear of failure.
        -
        «««««

        Comment


        • #5
          Re: Restricted access to Terminal Services

          Originally posted by Koybe View Post
          I found this pretty interesting document : http://www.microsoft.com/downloads/d...DisplayLang=en
          It's a good document, but only as a start. You should consider it as such. Read the settings and decide whichever suits you and which not.

          Good luck.

          Sorin Solomon

          »»»»»
          In order to succeed, your desire for success should be greater than your fear of failure.
          -
          «««««

          Comment


          • #6
            Re: Restricted access to Terminal Services

            OK Thank you for your help...

            I already try passing on each option trying to activate... etc... But i ran into something that wouldn't open any office software... and I don't know how I managed to do this

            Anyway, I'll have another try tomorrow.

            Comment


            • #7
              Re: Restricted access to Terminal Services

              and I don't know how I managed to do this
              - this is exactly why I said that starting from scratch might be a better idea. Sometimes, debugging can be a real pain in the ass .
              Try to check the Event Viewer of the server, you may find some answers inside. Especially if there's a GPO blocking the run of a software (if not, you might have a permissions issue).

              Good luck, dude, and keep the forum posted.

              Sorin Solomon

              »»»»»
              In order to succeed, your desire for success should be greater than your fear of failure.
              -
              «««««

              Comment


              • #8
                Re: Restricted access to Terminal Services

                Just a passing thought....
                Try this link from Microsoft
                Group Policy is a rich technology allowing the management of users and machines throughout an organization. This package includes a series of Group Policy Objects (GPOs) illustrating a number of common desktop scenarios. These include Lightly Managed, Mobile and Kiosk scenarios plus others.
                "...if I turn out to be particularly clear, you've probably misunderstood what I've said” - Alan Greenspan

                Comment


                • #9
                  Re: Restricted access to Terminal Services

                  Thank you

                  Comment


                  • #10
                    Re: Restricted access to Terminal Services

                    Everything seems nice now. There is only one thing left i can't do.

                    - I put some shortcuts on All Users\Desktop but nothing appears on real users desktop once they logged in?

                    - I want to customize icons on the Quick Launch Bar for them to. How can I do this?

                    I must say... Thank you again

                    Comment


                    • #11
                      Re: Restricted access to Terminal Services

                      Originally posted by Koybe View Post

                      - I put some shortcuts on All Users\Desktop but nothing appears on real users desktop once they logged in?
                      You probably locked down the desktop too much, you can try putting it in the start menu

                      - I want to customize icons on the Quick Launch Bar for them to. How can I do this?

                      I must say... Thank you again
                      you have the right idea, but there is no quick launch for all users, so you will have to copy the shortcuts via GP, every time they log in.
                      "...if I turn out to be particularly clear, you've probably misunderstood what I've said” - Alan Greenspan

                      Comment


                      • #12
                        Re: Restricted access to Terminal Services

                        Originally posted by Lior_S View Post
                        You probably locked down the desktop too much, you can try putting it in the start menu
                        Any idea which parameters makes this happend?

                        So maybe the best way is to set these icons in the default user. Anyway when there will be a change I'll get problems...

                        Comment


                        • #13
                          Re: Restricted access to Terminal Services

                          Originally posted by Koybe View Post
                          - I put some shortcuts on All Users\Desktop but nothing appears on real users desktop once they logged in?
                          Is the setting User Configuration -> Administrative Templates -> Start Menu and Taskbar -> Remove common program groups from Start Menu enabled? If I remember right, it affects the desktop icons from All Users too...

                          Originally posted by Koybe View Post
                          - I want to customize icons on the Quick Launch Bar for them to. How can I do this?
                          Logon with the user without restrictions (disable the GPO for some time) and set the toolbar as you like. Afterward, set these settings to Enabled:
                          - User Configuration -> Administrative Templates -> Start Menu and Taskbar -> Prevent changes to Taskbar and Start Menu Settings
                          - User Configuration -> Administrative Templates -> Start Menu and Taskbar -> Lock the Taskbar
                          You might want to enable also:
                          - User Configuration -> Administrative Templates -> Start Menu and Taskbar -> Do not display any custom toolbars in the taskbar
                          - User Configuration -> Administrative Templates -> Start Menu and Taskbar -> Prevent grouping of taskbar items
                          but it's your call.

                          You may want to take a look at the Excel file on Microsoft's site with all the GPO settings available for Windows Server 2003. It is searchable and a good reference.

                          Good luck.

                          Sorin Solomon

                          »»»»»
                          In order to succeed, your desire for success should be greater than your fear of failure.
                          -
                          «««««

                          Comment


                          • #14
                            Re: Restricted access to Terminal Services

                            Thank you... everything runs fine now.

                            Thanks for all the help here... It's just helpful and nice.

                            Comment

                            Working...
                            X