Jump to content

Group Policy By User

Guest Grant

By Guest Grant
in Windows 2003 Server

 Share

Recommended Posts

Guest Grant

Guest Grant

Posted
Posted

I am running a server with Windows Server 2003 Standard. I have Active

Directory setup as well as Terminal Services. I have 5 users who will

be logging in through Terminal Services and I would like to limit what

they can do. I know that this can be done with Group Policy but how can

I set it up so that I can still log in through Terminal Services without

having the restrictions applied to me?

  • Replies 8
  • Created
  • Last Reply

Popular Days

Popular Days

Guest Henrik

Guest Henrik

Posted
Posted

RE: Group Policy By User

 

My first question to you is if you have installed Terminal Services on your

Domain Controller? If I understod you right you want your DC to act as a

Terminal Servces server.

 

--

Henrik

MCSE - Windows Server 2003 + MCP

 

 

"Grant" wrote:

> I am running a server with Windows Server 2003 Standard. I have Active

> Directory setup as well as Terminal Services. I have 5 users who will

> be logging in through Terminal Services and I would like to limit what

> they can do. I know that this can be done with Group Policy but how can

> I set it up so that I can still log in through Terminal Services without

> having the restrictions applied to me?

>

Guest Meinolf Weber

Guest Meinolf Weber

Posted
Posted

Re: Group Policy By User

 

Hello Grant,

 

TS shuold be better installed on a member server, also MS doesn't recommend

this( Look uner DEPLOYMENT).

http://www.microsoft.com/technet/community/en-us/terminal/terminal_faq.mspx

 

Best regards

 

Meinolf Weber

Disclaimer: This posting is provided "AS IS" with no warranties, and confers

no rights.

** Please do NOT email, only reply to Newsgroups

** HELP us help YOU!!! http://www.dts-l.org/goodpost.htm

> I am running a server with Windows Server 2003 Standard. I have

> Active Directory setup as well as Terminal Services. I have 5 users

> who will be logging in through Terminal Services and I would like to

> limit what they can do. I know that this can be done with Group

> Policy but how can I set it up so that I can still log in through

> Terminal Services without having the restrictions applied to me?

>

Guest Meinolf Weber

Guest Meinolf Weber

Posted
Posted

Re: Group Policy By User

 

Hello Grant,

 

If you still will do it create an OU and move the normal users to it, then

configure your GPO and link it to the OU, so it will only effect this OU

nothing else.

 

But think really about an additional server.

 

Best regards

 

Meinolf Weber

Disclaimer: This posting is provided "AS IS" with no warranties, and confers

no rights.

** Please do NOT email, only reply to Newsgroups

** HELP us help YOU!!! http://www.dts-l.org/goodpost.htm

> I am running a server with Windows Server 2003 Standard. I have

> Active Directory setup as well as Terminal Services. I have 5 users

> who will be logging in through Terminal Services and I would like to

> limit what they can do. I know that this can be done with Group

> Policy but how can I set it up so that I can still log in through

> Terminal Services without having the restrictions applied to me?

>

Guest Grant

Guest Grant

Posted
Posted

Re: Group Policy By User

 

Meinolf Weber wrote:

> Hello Grant,

>

> If you still will do it create an OU and move the normal users to it,

> then configure your GPO and link it to the OU, so it will only effect

> this OU nothing else.

>

> But think really about an additional server.

>

> Best regards

>

> Meinolf Weber

> Disclaimer: This posting is provided "AS IS" with no warranties, and

> confers no rights.

> ** Please do NOT email, only reply to Newsgroups

> ** HELP us help YOU!!! http://www.dts-l.org/goodpost.htm

>

>> I am running a server with Windows Server 2003 Standard. I have

>> Active Directory setup as well as Terminal Services. I have 5 users

>> who will be logging in through Terminal Services and I would like to

>> limit what they can do. I know that this can be done with Group

>> Policy but how can I set it up so that I can still log in through

>> Terminal Services without having the restrictions applied to me?

>>

>

>

 

Thanks for the responses!

 

I am only using the server for Terminal Services and email. If there is

a way that I can configure the server without Active Directory and still

set policies for all the accounts but one, let me know. I'm open to

ideas. I would really prefer not to buy another server. I've already

forked out a lot for licenses and since I'm only using it for two

things, would prefer not to buy more.

 

Regarding the solution you posted, what do you mean by OU? I assume GPO

means Group Policy, correct?

Guest Meinolf Weber

Guest Meinolf Weber

Posted
Posted

Re: Group Policy By User

 

Hello Grant,

 

OU means Organizational Unit in Active Directory, only to an OU you can link

a GPO, Group Policy Object.

An OU is for example the Domain controller "folder" in the Active directory

structure. The Computers "folder" is a Container. On this container it is

not possible to link a GPO.

 

Best regards

 

Meinolf Weber

Disclaimer: This posting is provided "AS IS" with no warranties, and confers

no rights.

** Please do NOT email, only reply to Newsgroups

** HELP us help YOU!!! http://www.dts-l.org/goodpost.htm

> Meinolf Weber wrote:

>

>> Hello Grant,

>>

>> If you still will do it create an OU and move the normal users to it,

>> then configure your GPO and link it to the OU, so it will only effect

>> this OU nothing else.

>>

>> But think really about an additional server.

>>

>> Best regards

>>

>> Meinolf Weber

>> Disclaimer: This posting is provided "AS IS" with no warranties, and

>> confers no rights.

>> ** Please do NOT email, only reply to Newsgroups

>> ** HELP us help YOU!!! http://www.dts-l.org/goodpost.htm

>>> I am running a server with Windows Server 2003 Standard. I have

>>> Active Directory setup as well as Terminal Services. I have 5 users

>>> who will be logging in through Terminal Services and I would like to

>>> limit what they can do. I know that this can be done with Group

>>> Policy but how can I set it up so that I can still log in through

>>> Terminal Services without having the restrictions applied to me?

>>>

> Thanks for the responses!

>

> I am only using the server for Terminal Services and email. If there

> is a way that I can configure the server without Active Directory and

> still set policies for all the accounts but one, let me know. I'm

> open to ideas. I would really prefer not to buy another server. I've

> already forked out a lot for licenses and since I'm only using it for

> two things, would prefer not to buy more.

>

> Regarding the solution you posted, what do you mean by OU? I assume

> GPO means Group Policy, correct?

>

Guest Grant

Guest Grant

Posted
Posted

Re: Group Policy By User

 

Meinolf Weber wrote:

> Hello Grant,

>

> OU means Organizational Unit in Active Directory, only to an OU you can

> link a GPO, Group Policy Object.

> An OU is for example the Domain controller "folder" in the Active

> directory structure. The Computers "folder" is a Container. On this

> container it is not possible to link a GPO.

>

> Best regards

>

> Meinolf Weber

> Disclaimer: This posting is provided "AS IS" with no warranties, and

> confers no rights.

> ** Please do NOT email, only reply to Newsgroups

> ** HELP us help YOU!!! http://www.dts-l.org/goodpost.htm

>

>> Meinolf Weber wrote:

>>

>>> Hello Grant,

>>>

>>> If you still will do it create an OU and move the normal users to it,

>>> then configure your GPO and link it to the OU, so it will only effect

>>> this OU nothing else.

>>>

>>> But think really about an additional server.

>>>

>>> Best regards

>>>

>>> Meinolf Weber

>>> Disclaimer: This posting is provided "AS IS" with no warranties, and

>>> confers no rights.

>>> ** Please do NOT email, only reply to Newsgroups

>>> ** HELP us help YOU!!! http://www.dts-l.org/goodpost.htm

>>>> I am running a server with Windows Server 2003 Standard. I have

>>>> Active Directory setup as well as Terminal Services. I have 5 users

>>>> who will be logging in through Terminal Services and I would like to

>>>> limit what they can do. I know that this can be done with Group

>>>> Policy but how can I set it up so that I can still log in through

>>>> Terminal Services without having the restrictions applied to me?

>>>>

>> Thanks for the responses!

>>

>> I am only using the server for Terminal Services and email. If there

>> is a way that I can configure the server without Active Directory and

>> still set policies for all the accounts but one, let me know. I'm

>> open to ideas. I would really prefer not to buy another server. I've

>> already forked out a lot for licenses and since I'm only using it for

>> two things, would prefer not to buy more.

>>

>> Regarding the solution you posted, what do you mean by OU? I assume

>> GPO means Group Policy, correct?

>>

>

>

Thanks! That's just what I need. Do you know if there is a way to

rename the domain name once you have created it in AD? Or do I have to

uninstall or reinstall?

Guest Meinolf Weber

Guest Meinolf Weber

Posted
Posted

Re: Group Policy By User

 

Hello Grant,

 

Windows Server 2003 Active Directory Domain Rename Tools

http://technet.microsoft.com/en-us/windowsserver/bb405948.aspx

 

Best regards

 

Meinolf Weber

Disclaimer: This posting is provided "AS IS" with no warranties, and confers

no rights.

** Please do NOT email, only reply to Newsgroups

** HELP us help YOU!!! http://www.dts-l.org/goodpost.htm

> Meinolf Weber wrote:

>

>> Hello Grant,

>>

>> OU means Organizational Unit in Active Directory, only to an OU you

>> can

>> link a GPO, Group Policy Object.

>> An OU is for example the Domain controller "folder" in the Active

>> directory structure. The Computers "folder" is a Container. On this

>> container it is not possible to link a GPO.

>> Best regards

>>

>> Meinolf Weber

>> Disclaimer: This posting is provided "AS IS" with no warranties, and

>> confers no rights.

>> ** Please do NOT email, only reply to Newsgroups

>> ** HELP us help YOU!!! http://www.dts-l.org/goodpost.htm

>>> Meinolf Weber wrote:

>>>

>>>> Hello Grant,

>>>>

>>>> If you still will do it create an OU and move the normal users to

>>>> it, then configure your GPO and link it to the OU, so it will only

>>>> effect this OU nothing else.

>>>>

>>>> But think really about an additional server.

>>>>

>>>> Best regards

>>>>

>>>> Meinolf Weber

>>>> Disclaimer: This posting is provided "AS IS" with no warranties,

>>>> and

>>>> confers no rights.

>>>> ** Please do NOT email, only reply to Newsgroups

>>>> ** HELP us help YOU!!! http://www.dts-l.org/goodpost.htm

>>>>> I am running a server with Windows Server 2003 Standard. I have

>>>>> Active Directory setup as well as Terminal Services. I have 5

>>>>> users who will be logging in through Terminal Services and I would

>>>>> like to limit what they can do. I know that this can be done with

>>>>> Group Policy but how can I set it up so that I can still log in

>>>>> through Terminal Services without having the restrictions applied

>>>>> to me?

>>>>>

>>> Thanks for the responses!

>>>

>>> I am only using the server for Terminal Services and email. If

>>> there is a way that I can configure the server without Active

>>> Directory and still set policies for all the accounts but one, let

>>> me know. I'm open to ideas. I would really prefer not to buy

>>> another server. I've already forked out a lot for licenses and

>>> since I'm only using it for two things, would prefer not to buy

>>> more.

>>>

>>> Regarding the solution you posted, what do you mean by OU? I assume

>>> GPO means Group Policy, correct?

>>>

> Thanks! That's just what I need. Do you know if there is a way to

> rename the domain name once you have created it in AD? Or do I have

> to uninstall or reinstall?

>

Guest Henrik

Guest Henrik

Posted
Posted

Re: Group Policy By User

 

Why do you want to rename the domain? There are tools and KB's for it but if

you have a complex AD infrastructure I would be carefull with renaming the

domain.

--

Henrik

MCSE - Windows Server 2003 + MCP

 

 

"Meinolf Weber" wrote:

> Hello Grant,

>

> Windows Server 2003 Active Directory Domain Rename Tools

> http://technet.microsoft.com/en-us/windowsserver/bb405948.aspx

>

> Best regards

>

> Meinolf Weber

> Disclaimer: This posting is provided "AS IS" with no warranties, and confers

> no rights.

> ** Please do NOT email, only reply to Newsgroups

> ** HELP us help YOU!!! http://www.dts-l.org/goodpost.htm

>

> > Meinolf Weber wrote:

> >

> >> Hello Grant,

> >>

> >> OU means Organizational Unit in Active Directory, only to an OU you

> >> can

> >> link a GPO, Group Policy Object.

> >> An OU is for example the Domain controller "folder" in the Active

> >> directory structure. The Computers "folder" is a Container. On this

> >> container it is not possible to link a GPO.

> >> Best regards

> >>

> >> Meinolf Weber

> >> Disclaimer: This posting is provided "AS IS" with no warranties, and

> >> confers no rights.

> >> ** Please do NOT email, only reply to Newsgroups

> >> ** HELP us help YOU!!! http://www.dts-l.org/goodpost.htm

> >>> Meinolf Weber wrote:

> >>>

> >>>> Hello Grant,

> >>>>

> >>>> If you still will do it create an OU and move the normal users to

> >>>> it, then configure your GPO and link it to the OU, so it will only

> >>>> effect this OU nothing else.

> >>>>

> >>>> But think really about an additional server.

> >>>>

> >>>> Best regards

> >>>>

> >>>> Meinolf Weber

> >>>> Disclaimer: This posting is provided "AS IS" with no warranties,

> >>>> and

> >>>> confers no rights.

> >>>> ** Please do NOT email, only reply to Newsgroups

> >>>> ** HELP us help YOU!!! http://www.dts-l.org/goodpost.htm

> >>>>> I am running a server with Windows Server 2003 Standard. I have

> >>>>> Active Directory setup as well as Terminal Services. I have 5

> >>>>> users who will be logging in through Terminal Services and I would

> >>>>> like to limit what they can do. I know that this can be done with

> >>>>> Group Policy but how can I set it up so that I can still log in

> >>>>> through Terminal Services without having the restrictions applied

> >>>>> to me?

> >>>>>

> >>> Thanks for the responses!

> >>>

> >>> I am only using the server for Terminal Services and email. If

> >>> there is a way that I can configure the server without Active

> >>> Directory and still set policies for all the accounts but one, let

> >>> me know. I'm open to ideas. I would really prefer not to buy

> >>> another server. I've already forked out a lot for licenses and

> >>> since I'm only using it for two things, would prefer not to buy

> >>> more.

> >>>

> >>> Regarding the solution you posted, what do you mean by OU? I assume

> >>> GPO means Group Policy, correct?

> >>>

> > Thanks! That's just what I need. Do you know if there is a way to

> > rename the domain name once you have created it in AD? Or do I have

> > to uninstall or reinstall?

> >

>

>

>

 Share
Go to topic listing
×
×
  • Create New...