0

I have domain users by group with respective privileges set via group policy. I.E (Department A has access to control panel and access to install software, Department B does not have both)

My question: Some of our domain users are using RDP on a Terminal Server (TS1 & TS2). We don't want any of the users to get access to any part of the TS other than the designated software which is to run upon logon (auto startup).

This is where I'm stuck. I want to set a user policy on TS1 & TS2 where any user connected via RDP has maximum restriction (no start menu items, no desktop icon, no system tray but only allowed application). The thing is I also do not want the users to be affected on their own PCs. Which means, that when the user logs on to their own PC, the Department policy should take effect, and when they RDP to Terminal Server another policy takes effect on the TS only.

How can i accomplish this?

Andrew Schulman
  • 8,811
  • 21
  • 32
  • 47
D_N_A
  • 3
  • 2

1 Answers1

2

You need to configure your User Configuration settings in the GPO linked to the TS OU and use Group Policy loopback processing so that those user settings apply to the users when they log onto the TS servers.

http://blogs.technet.com/b/askds/archive/2013/02/08/circle-back-to-loopback.aspx

joeqwerty
  • 109,901
  • 6
  • 81
  • 172
  • i've tried that.. but my mistake i changed it to merge instead of replace. and now it works... thanks. – D_N_A Feb 05 '15 at 07:09