Lockdown remote user but not local login

[Guest bmense@gmail.com]

I'm trying to find away to lock down a user when they login through

RDP, but not when they login to there system in the Office.

 

Currently I've created another user for them to use only when they are

logging in remotely.

 

Is there another way to create an alias of the original ID?

[Guest Vera Noest [MVP]]

Re: Lockdown remote user but not local login

 

I assume that you have locked down the Terminal Server sessions

with a GPO, correct? And now that GPO also applies when the users

log on to their workstations?

The fix for this is to use "loopback processing" of the GPO.

 

The basic steps to use a GPO to configure a Terminal Server:

 

1. place the Terminal Server (not the users!) in a separate OU

2. create a TS-specific GPO

3. configure the GPO to use "loopback processing" with the

"Replace" option. See:

http://support.microsoft.com/?kbid=231287

4. link the GPO to the OU which contains the Terminal Server

machine account

5. add the Terminal Server machine account to the security list of

the GPO

6. add a User group to the security list of the GPO (or keep the

default entry for "Authenticated Users" if you want the settings

in the GPO to apply to all users)

7. modify the rights for Administrators on the GPO: select "Deny"

for the right to "Apply this policy". See:

http://support.microsoft.com/?kbid=816100

 

_________________________________________________________

Vera Noest

MCSE, CCEA, Microsoft MVP - Terminal Server

TS troubleshooting: http://ts.veranoest.net

___ please respond in newsgroup, NOT by private email ___

 

"bmense@gmail.com" <bmense@gmail.com> wrote on 19 jul 2007 in

microsoft.public.windows.terminal_services:

> I'm trying to find away to lock down a user when they login

> through RDP, but not when they login to there system in the

> Office.

>

> Currently I've created another user for them to use only when

> they are logging in remotely.

>

> Is there another way to create an alias of the original ID?

[Guest Helge Klein]

Re: Lockdown remote user but not local login

 

You surely use a GPO to lock down the computer? Simply have the GPO

apply to the group "Terminal Server Users" instead of the default

"Authenticated Users".

 

I hope this helps.

 

Helge

 

On 19 Jul., 15:33, "bme...@gmail.com" <bme...@gmail.com> wrote:

> I'm trying to find away to lock down a user when they login through

> RDP, but not when they login to there system in the Office.

>

> Currently I've created another user for them to use only when they are

> logging in remotely.

>

> Is there another way to create an alias of the original ID?

[Guest Soo Kuan Teo [MSFT]]

Re: Lockdown remote user but not local login

 

I haven't tried this personally, will ADSI extension for Terminal Services

work for you?

Under user account's Terminal Services Profile, there is a per-user property

"Deny this user permissions to logon to Terminal Server":

http://msdn2.microsoft.com/en-us/library/aa380657.aspx

 

Thanks

Soo Kuan

 

 

--

This posting is provided "AS IS" with no warranties, and confers no rights.

 

<bmense@gmail.com> wrote in message

news:1184852013.131102.138170@z24g2000prh.googlegroups.com...

> I'm trying to find away to lock down a user when they login through

> RDP, but not when they login to there system in the Office.

>

> Currently I've created another user for them to use only when they are

> logging in remotely.

>

> Is there another way to create an alias of the original ID?

>