Announcement

Collapse
No announcement yet.

Security filtering in policies applied to terminal servers

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Security filtering in policies applied to terminal servers

    Hi All,

    I am wanting some confirmation on my thoughts on applying group policy to terminal servers in a network I am building. I'm really only starting to learn the ins and outs of group policy, so be gentle, but I really am having a ball learning it all and I appreciate all your help and patience.

    If I want to apply a policy to all terminal servers so that all users except for the administrator get affected when they log in, I think I have to change the security filtering settings from being applied to "authenticated users" (since this contains the administrator) to another group that contains everyone except the administrator. This should then work fine shouldn't it?

    I apologise if my question seems stupid, but I like to be sure. Measure twice, cut once, as my Dad says.

    Cheers,

    James

  • #2
    Re: Security filtering in policies applied to terminal servers

    You could do that or just add a deny for the administrator account for apply maybe?
    cheers
    Andy

    Please read this before you post:


    Quis custodiet ipsos custodes?

    Comment


    • #3
      Re: Security filtering in policies applied to terminal servers

      Oke there is a lot to say abou GPO's and surely on Terminal services.

      In order to get a policy applied you need read and apply policy rights to the policy. If you want an administrator to not get the policy applied, you'll need to provide deny policy rights to the adminnistrators. Or finegrane the policy to only apply to a certan group (which is prefered).

      Have you ever heard off Loopback processing?
      If yes, oke than you know how to apply specific user settings based on your terminal servers (or other computers for that part).

      GPO filtering can be quit tricky, so do proper testing before applying them on your production servers.

      One thing about Filtering
      Beaware that ACL's are checked for both Computer settings and user setting when apolicy is processed.
      [Powershell]
      Start-DayDream
      Set-Location Malibu Beach
      Get-Drink
      Lay-Back
      Start-Sleep
      ....
      Wake-Up!
      Resume-Service
      Write-Warning
      [/Powershell]

      BLOG: Therealshrimp.blogspot.com

      Comment


      • #4
        Re: Security filtering in policies applied to terminal servers

        Thanks for those replies - that's some good information. I made a GPO called Terminal Server and changed some options in Computer Config>Admin Templates>Windows Components>Terminal Servers and also made changes in User Config>Admin Templates>Start Menu and Taskbar.

        The changes in Computer Config>Admin Templates>Windows Components>Terminal Servers are applied fine, but the changes in User Config>Admin Templates>Start Menu and Taskbar are not being applied at all. I would like to be able to deny users access to things like the shutdown button so I need this to work. Is this where I have to apply a loopback policy?

        Once again, thanks for your help.

        James

        Comment


        • #5
          Re: Security filtering in policies applied to terminal servers

          James,

          Take a look at the following post:

          http://forums.petri.com/showthread.p...light=loopback

          Michael
          Michael Armstrong
          www.m80arm.co.uk
          MCITP: EA, MCTS, MCSE 2003, MCSA 2003: Messaging, CCA, VCP 3.5, 4, 5, VCAP5-DCD, VCAP5-DCA, ITIL, MCP, PGP Certified Technician

          ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

          Comment


          • #6
            Re: Security filtering in policies applied to terminal servers

            Thanks Michael that has helped sort it out a lot in my head. I appreciate the help and will attempt to get through some of the mountains of info on this site so I don't need as much direction. It's quite daunting sometimes!

            Cheers,

            James

            Comment


            • #7
              Re: Security filtering in policies applied to terminal servers

              No problem James,

              Glad it helped

              Michael
              Michael Armstrong
              www.m80arm.co.uk
              MCITP: EA, MCTS, MCSE 2003, MCSA 2003: Messaging, CCA, VCP 3.5, 4, 5, VCAP5-DCD, VCAP5-DCA, ITIL, MCP, PGP Certified Technician

              ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

              Comment

              Working...
              X