Announcement

Collapse
No announcement yet.

Filter Admin account on local terminal server

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Filter Admin account on local terminal server

    Basically I have one win 2003 server acting as a terminal server, it is just like a local server with no domain Group policy applied,
    Now I have tried to lock down the server so that users have limited access but I also want the local group policy to not apply to administrator account, that way I will have full control of the machine even when I am connecting to it remotely, just filter out admin account from Local GP.

    Second is there a way from GP for disabling automatic updates to show up on terminal users, it should only show to admin account?

  • #2
    Re: Filter Admin account on local terminal server

    For user settings you can either create groups and assign the policy only to them or you could assign it to everyone but deny apply to the admin account specifically.
    cheers
    Andy

    Please read this before you post:


    Quis custodiet ipsos custodes?

    Comment


    • #3
      Re: Filter Admin account on local terminal server

      What Andy said is correct, but i would use option 2.
      Create a local policy, eave the default permissions and give admins a denied apply group policy.

      On your second question:
      Yes there is (there are several ways).
      Examples (shows where the policies can be found):
      User Configuration (Enabled)
      -Administrative Templates
      --Start Menu and Taskbar
      ---Remove links and access to Windows Update

      --Windows Components/Windows Update
      ---Remove access to use all Windows Update features
      [Powershell]
      Start-DayDream
      Set-Location Malibu Beach
      Get-Drink
      Lay-Back
      Start-Sleep
      ....
      Wake-Up!
      Resume-Service
      Write-Warning
      [/Powershell]

      BLOG: Therealshrimp.blogspot.com

      Comment


      • #4
        Re: Filter Admin account on local terminal server

        If you're talking about the Local Group Policy, than it cannot be assigned to a specific user. It is only one policy, that applies to any user that logs in to that specific machine. There is no way (AFAIK) to "excuse" the Administrator from it.
        A possible workaround (never tried it, so don't blame me if it won't work!) is to deny the Administrator rights to the folder %windir%\system32\Group Policy, in which the Local Group Policy is created. Maybe this way it won't be applied to the user. Again, use caution !
        Another thing you can do is see what changes does the LGP under HKLM (this is what it usually does) and implement the same changes under specific HKCU of certain users.

        Sorin Solomon


        In order to succeed, your desire for success should be greater than your fear of failure.
        -

        Comment


        • #5
          Re: Filter Admin account on local terminal server

          Killerbe and Andy how is it possible to deny apply group policy to admin?

          Sorinso, if i deny the Administrator rights to the folder %windir%\system32\Group Policy will it filter out admin account?

          See my trouble is that any thing I apply on local GP get applied to admin account also that way being a admin it put me with restricted access.

          Comment


          • #6
            Re: Filter Admin account on local terminal server

            Originally posted by Yantra View Post
            Sorinso, if i deny the Administrator rights to the folder %windir%\system32\Group Policy will it filter out admin account?
            I don't know, I told you I never tried it. Test it and see for yourself. How to test? Set something in LGP, like desktop background, or anything else visual, and see if it is applied to the Administrator. Also check the Event log for any error messages regarding the fact that the LGP is not applied due to lack of permissions or such.

            Originally posted by Yantra View Post
            any thing I apply on local GP get applied to admin account also that way being a admin it put me with restricted access.
            This is behavior of the LGP. As I said earlier, the changes form the LGP are set in the HKLM hive, thus they are applied to that machine, to whoever logs in.

            Sorin Solomon


            In order to succeed, your desire for success should be greater than your fear of failure.
            -

            Comment


            • #7
              Re: Filter Admin account on local terminal server

              You can set Local Group Policy for users and deny the Administrator Read access to the %SystemRoot%\system32\GroupPolicy\User\Registry.po l file, effectively filtering the Local Group
              [Powershell]
              Start-DayDream
              Set-Location Malibu Beach
              Get-Drink
              Lay-Back
              Start-Sleep
              ....
              Wake-Up!
              Resume-Service
              Write-Warning
              [/Powershell]

              BLOG: Therealshrimp.blogspot.com

              Comment


              • #8
                china good web site

                Do you fear the force of the wind,The slash of the rain? Go face them and fight them,Be savage again.Go hungry and cold like the wolf, Go wade like the crane:The palms of your hands will thicken,The skin of your cheek will tan,You'll grow ragged and weary and swarthy,But you'll walk like a man!let go 深圳翻译公司空压机

                Comment

                Working...
                X