Guest bmense@gmail.com
Posted July 19, 2007

I'm trying to find a way to lock down a user when they login through RDP, but not when they login to their system in the Office.

Currently I've created another user for them to use only when they are logging in remotely.

Is there another way to create an alias of the original ID?

Guest Vera Noest [MVP]
Posted July 19, 2007

Re: Lockdown remote user but not local login

I assume that you have locked down the Terminal Server sessions with a GPO, correct? And now that GPO also applies when the users log on to their workstations?

The fix for this is to use "loopback processing" of the GPO.

The basic steps to use a GPO to configure a Terminal Server:

1. place the Terminal Server (not the users!) in a separate OU
2. create a TS-specific GPO
3. configure the GPO to use "loopback processing" with the "Replace" option. See: http://support.microsoft.com/?kbid=231287
4. link the GPO to the OU which contains the Terminal Server machine account
5. add the Terminal Server machine account to the security list of the GPO
6. add a User group to the security list of the GPO (or keep the default entry for "Authenticated Users" if you want the settings in the GPO to apply to all users)
7. modify the rights for Administrators on the GPO: select "Deny" for the right to "Apply this policy". See: http://support.microsoft.com/?kbid=816100

_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___

"bmense@gmail.com" <bmense@gmail.com> wrote on 19 jul 2007 in microsoft.public.windows.terminal_services:

> I'm trying to find a way to lock down a user when they login
> through RDP, but not when they login to their system in the
> Office.
>
> Currently I've created another user for them to use only when
> they are logging in remotely.
>
> Is there another way to create an alias of the original ID?

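Steps 1 to 4 of the procedure above, scripted as an added example that is not part of the original posts. It assumes the ActiveDirectory and GroupPolicy PowerShell modules (RSAT) are available; the domain, OU, GPO and server names are hypothetical placeholders. It keeps the default "Authenticated Users" entry, so steps 5 to 7 are left to the GPO's security settings in GPMC.

```powershell
# Added example. All names below are hypothetical placeholders.
Import-Module ActiveDirectory
Import-Module GroupPolicy

$domainDn = 'DC=example,DC=com'            # assumed domain
$ouName   = 'Terminal Servers'             # assumed OU name
$ouDn     = "OU=$ouName,$domainDn"
$gpoName  = 'TS Lockdown'                  # assumed GPO name
$tsServer = 'TS01'                         # assumed Terminal Server computer name
$loopKey  = 'HKLM\Software\Policies\Microsoft\Windows\System'

# Step 1: put the Terminal Server (not the users) in its own OU.
New-ADOrganizationalUnit -Name $ouName -Path $domainDn
Get-ADComputer -Identity $tsServer | Move-ADObject -TargetPath $ouDn

# Step 2: create the TS-specific GPO.
New-GPO -Name $gpoName -Comment 'Lockdown for Terminal Server sessions' | Out-Null

# Step 3: enable loopback processing in Replace mode.
# UserPolicyMode is the registry value behind the loopback policy setting:
# 1 = Merge, 2 = Replace.
Set-GPRegistryValue -Name $gpoName -Key $loopKey `
    -ValueName 'UserPolicyMode' -Type DWord -Value 2 | Out-Null

# Step 4: link the GPO to the OU that holds the server's machine account.
New-GPLink -Name $gpoName -Target $ouDn | Out-Null

# Checks: read the configuration back before relying on it.
$mode = (Get-GPRegistryValue -Name $gpoName -Key $loopKey -ValueName 'UserPolicyMode').Value
if ($mode -ne 2) { throw "Loopback is not in Replace mode (UserPolicyMode = $mode)" }

$linked = (Get-GPInheritance -Target $ouDn).GpoLinks |
    Where-Object { $_.DisplayName -eq $gpoName -and $_.Enabled }
if (-not $linked) { throw "GPO '$gpoName' is not linked and enabled on $ouDn" }

# Steps 5 to 7 are security filtering on the GPO. List the current entries so
# they can be reviewed. Set-GPPermission only grants permission levels; the
# "Deny" entry for Administrators (step 7) is set on the GPO's ACL in GPMC.
Get-GPPermission -Name $gpoName -All |
    Select-Object @{ n = 'Trustee'; e = { $_.Trustee.Name } }, Permission, Denied
```

After the next policy refresh on the server, `gpresult /r` run inside an RDP session shows whether the GPO was applied to the user.
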
Guest Helge Klein
Posted July 19, 2007

Re: Lockdown remote user but not local login

You surely use a GPO to lock down the computer? Simply have the GPO apply to the group "Terminal Server Users" instead of the default "Authenticated Users".

I hope this helps.

Helge

On 19 Jul., 15:33, "bme...@gmail.com" <bme...@gmail.com> wrote:

> I'm trying to find a way to lock down a user when they login through
> RDP, but not when they login to their system in the Office.
>
> Currently I've created another user for them to use only when they are
> logging in remotely.
>
> Is there another way to create an alias of the original ID?

Guest Soo Kuan Teo [MSFT]
Posted July 20, 2007

Re: Lockdown remote user but not local login

I haven't tried this personally, will ADSI extension for Terminal Services work for you? Under user account's Terminal Services Profile, there is a per-user property "Deny this user permissions to logon to Terminal Server":
http://msdn2.microsoft.com/en-us/library/aa380657.aspx

Thanks
Soo Kuan

--
This posting is provided "AS IS" with no warranties, and confers no rights.

<bmense@gmail.com> wrote in message news:1184852013.131102.138170@z24g2000prh.googlegroups.com...

> I'm trying to find a way to lock down a user when they login through
> RDP, but not when they login to their system in the Office.
>
> Currently I've created another user for them to use only when they are
> logging in remotely.
>
> Is there another way to create an alias of the original ID?