[gptalk] Re: Lockdown Policy on Terminal Server

  • From: "Alan and Margaret Cuthbertson" <syspro@xxxxxxxxxxxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Sat, 24 Jan 2009 07:28:25 +1100

Hi Bill,

 

It should work the way you are suggesting, however I am guessing that you
are using loop back processing and that this is being set in the same
policy. If you remove Authenticated Users from the policy then the machine
setting to enable loop back policy will also be removed.

 

Your first suggestion of putting "deny" on the policy for ADMINS should
work....  assuming you are talking about the policy that contains the actual
user settings rather than the loopback enable setting.

 

Hope this helps. 

 

 

Alan Cuthbertson

 

 

 Policy Management Software (Now with ADMX and Preference support):-

http://www.sysprosoft.com/index.php?ref=activedir
<http://www.sysprosoft.com/index.php?ref=activedir&f=pol_summary.shtml>
&f=pol_summary.shtml

 

ADM Template Editor(Now with ADMX support):-

http://www.sysprosoft.com/index.php?ref=activedir
<http://www.sysprosoft.com/index.php?ref=activedir&f=adm_summary.shtml>
&f=adm_summary.shtml

 

Policy Log Reporter - including Preference logging(Free)

http://www.sysprosoft.com/index.php?ref=activedir
<http://www.sysprosoft.com/index.php?ref=activedir&f=policyreporter.shtml>
&f=policyreporter.shtml

 

 

 

 

-----Original Message-----
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of McDonald, William
Sent: Saturday, 24 January 2009 5:39 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Lockdown Policy on Terminal Server

 

 

A TS policy only works for me if it is applied to the Authenticated

Users group, but this applies the policy to all users, including

administrators, even if I have admins set to deny applying policy. If I

apply the group policy to another group, TS_App_Users, and remove

Authenticated users or even just uncheck Apply Policy under

Authenticated Users, then it won't get applied at all. How is this

supposed to work? 

 

 

 

Regards, 

Bill McDonald

Systems Administrator II      Ebara Technologies, Inc. 

51 Main Avenue 

Sacramento, CA 95838 

Direct: (916) 561-4865 

Fax: (916) 920-5066 

 

wmcdonald@xxxxxxxxxxxxx       

 

***********************

You can unsubscribe from gptalk by sending email to
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by
logging into the freelists.org Web interface. Archives for the list are
available at http://www.freelists.org/archives/gptalk/

************************

Other related posts: