[gptalk] Re: Custom ADM policy for Terminal Services sessions only

  • From: "Scott Bailey" <sbailey@xxxxxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Mon, 14 Apr 2008 14:16:03 -0500

Thanks for your replies.
We are running a 2003 domain / server environment. Implementing and testing the 
new Group policy would take time as well as convincing by management.
 
I don't think would be an option for us at this time.
 

________________________________

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On 
Behalf Of Hendrikus Terwint (SEDIRSI-Prestataire)
Sent: Monday, April 14, 2008 7:13 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Custom ADM policy for Terminal Services sessions only



Because you don't need vb scripts anymore if you can do the same with GP 
Preferences J & because "Group Policy Preferences also come with item-level 
targeting options."

See :

http://redmondmag.com/features/article.asp?EditorialsID=2435

Eliminating Logon Scripts

Where You Can Use Group Policy Preferences

Item-Level Targeting

 

De : gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] De la 
part de hans straat
Envoyé : samedi 12 avril 2008 09:16
À : gptalk@xxxxxxxxxxxxx
Objet : [gptalk] Re: Custom ADM policy for Terminal Services sessions only

 

Why not simply use a vb script mapping printers to a group with the option 
"case" instead of going all the trouble of making policies for this. 
use it has loginscript with the loopback policy on your terminal server.
 



 

________________________________

From: jhh@xxxxxxxxxxxxxxx
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Custom ADM policy for Terminal Services sessions only
Date: Sat, 12 Apr 2008 09:10:09 +0200

Hi Scott,

 

My first choice would be to use Group Policy Preferences (GPP) - ADMs are 
history J

 

You can use Item Level Targeting to make sure the printers are mapped to the 
users only on given computers.

 

To read more on GPP you could check out these articles:

http://www.windowsecurity.com/articles/Group-Policy-related-changes-Windows-Server-2008-Part3.html

http://www.windowsecurity.com/articles/Group-Policy-related-changes-Windows-Server-2008-Part4.html

 

I hope that helps out - good luck!

 

 

Best regards

 

Jakob H. Heidelberg

MVP:Enterprise Security

 

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On 
Behalf Of Scott Bailey
Sent: 12. april 2008 04:03
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Custom ADM policy for Terminal Services sessions only

 

Hello All,

I have created a custom ADM file for mapping network printers for our Windows 
2003 terminal services.

 

1. I want the policy to only get applied to the terminal services sessions and 
not the workstations the end users is logging on to. It is currently doing both.

2. Is there a way to modify the KEYNAME using the GPMC instead of coding it in 
the ADM file for future need of printer change outs.

I have 4 different printers so I have 4 ADM files, I cannot use loopback 
processing.

 

Thanks for any input on this!

 

===================================

CLASS USER
CATEGORY "Windows Components"
CATEGORY "Terminal Services"
CATEGORY "Custom Installed Printers"

 

KEYNAME "Software\Microsoft\Windows NT\CurrentVersion\Windows"

 

POLICY "PrinterName"

 

 #if version >= 4
 SUPPORTED !!TS_SUPPORTED_Win2k3_Sp1
 #endif

 

EXPLAIN !!PrinterDef
   PART "Default Printer"
   EDITTEXT
   DEFAULT "\\Server\PrinterName,winspool,Ne11:"
   VALUENAME "Device"
   END PART

 

   KEYNAME "Printers\Connections\,,Server,PrinterName"
   PART "Provider"
   EDITTEXT
   DEFAULT "win32spl.dll"
   VALUENAME "Provider"
   END PART

 

   PART "Server"
   EDITTEXT
   DEFAULT "\\Server"
   VALUENAME "Server"
   END PART


END POLICY
END CATEGORY
END CATEGORY
END CATEGORY

 

[strings]
User="User"
TS_SUPPORTED_Win2k3_Sp1="At least Microsoft Windows Server 2003 with SP1"
PrinterDef="Definition

DISCLAIMER:
This electronic mail message and any attached files contain information 
intended for the exclusive use of the intended addressee and may contain 
information that is proprietary, privileged, confidential and/or exempt from 
disclosure under applicable law. If you are not the intended recipient, you are 
hereby notified that any viewing, copying, disclosure or distribution of this 
information may be subject to legal restriction or sanction. Please notify 
sender if you are an unintended recipient and delete the original message 
without making copies. Thank you.



DISCLAIMER:
This electronic mail message and any attached files contain information 
intended for the exclusive use of the intended addressee and may contain 
information that is proprietary, privileged, confidential and/or exempt from 
disclosure under applicable law.  If you are not the intended recipient, you 
are hereby notified that any viewing, copying, disclosure or distribution of 
this information may be subject to legal restriction or sanction.  Please 
notify sender if you are an unintended recipient and delete the original 
message without making copies.  Thank you.

Other related posts: