Announcement

Collapse
No announcement yet.

provide access to TS without local Remote Desktop Users group

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • provide access to TS without local Remote Desktop Users group

    I adjusted remote pc lockdown by using GPO.

    Initially I added couple of users to Remote Desktop Users on TS servers.

    I want to eliminate Local Remote Desktop Users group.

    So, I created security group for TS users and put it to Security filtering.
    Than I deleted users from local Remote Desktop group.

    Where I have to declare that my AD TS group can connect to TS server that is in Loopback OU?

    Thanks,
    Michael.
    "When you hit a wrong note it's the next note that makes it good or bad". Miles Davis

  • #2
    Re: provide access to TS without local Remote Desktop Users group

    User Rights assignment under the computer security settings in that OU's GPO.
    Gareth Howells

    BSc (Hons), MBCS, MCP, MCDST, ICCE

    Any advice is given in good faith and without warranty.

    Please give reputation points if somebody has helped you.

    "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

    "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.

    Comment


    • #3
      Re: provide access to TS without local Remote Desktop Users group

      Thank you for a tip.

      I feel I am very close for right approach for tweaking TS access
      but still something is missed.
      On GPO forum I was pointed to loopback policy.
      I read about it and this question is clear.
      My user policy (ex. disable Control Panel) worked fine for users logged to TS.
      What I eventually found:
      1. initially I put couple of users to local Remote Desktop Users on TS. User could login to TS.

      2. Than I applied Loopback policy to OU with only TS server.
      In User part I enabled : Disable Control Panel
      Tested. It worked.

      Here the "story"begins.
      In security filtering by default Policy applied to Authenticated Users. My Admin account was affected too.
      I decided to adjust it and created security group TS Users where placed my ts users and removed Authenticated from security filtering.
      After that my policy didn't apply to users anymor. Looks like they just connected straight to TS bypassing GPO.

      So asked the question how to manage security group through GPO.
      I did what you recommended. It not works. I restarted my TS server since changes where under Computer policy.

      Now user can not login to TS (no rights), only Admin.

      I removed users from Remote Desktop Users on TS hoping this :
      <User Rights assignment under the computer security settings in that OU's GPO>
      will solve my problem.

      Please step by step what I should check.
      "When you hit a wrong note it's the next note that makes it good or bad". Miles Davis

      Comment


      • #4
        Re: provide access to TS without local Remote Desktop Users group

        Finally I returned to Remote Desktop Users on TS and placed my security group.
        First time problem was because when I created Security Group I did it DOMAIN and not Globa.

        Thanks for pointing for the way through GPO.
        "When you hit a wrong note it's the next note that makes it good or bad". Miles Davis

        Comment

        Working...
        X