[gptalk] Re: Using Poledit on a Windows 2003 Terminal Server

  • From: jfvanmeter@xxxxxxxxxxx
  • To: gptalk@xxxxxxxxxxxxx, gptalk@xxxxxxxxxxxxx
  • Date: Fri, 23 Feb 2007 14:17:48 +0000

A custom Admin template or using a script might be easier; something like the 
below should work to control which group has the right to make a term serv 
connection. 

strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colSettings = objWMIService.ExecQuery _
    ("Select * from Win32_ComputerSystem")
' Read the local computer name
For Each objComputer in colSettings
    Wscript.Echo objComputer.Name
    CN = objComputer.Name
Next
' Only change the RDP-Tcp permissions on machines whose name starts with "MD"
srv = Left(CN, 2)
If srv = "MD" Then
    Set RDPObj = GetObject("winmgmts:{impersonationLevel=impersonate}!" _
        & "Win32_TSPermissionsSetting.TerminalName='RDP-Tcp'")
    ' Second argument is the permission preset: 0 = guest, 1 = user, 2 = full access
    RDPObj.AddAccount "domainname\TermPerm", 2
End If

I also believe the Win2k3 SP2 system.adm file has term serv configuration 
settings.

Take Care --John

 -------------- Original message ----------------------
From: Jeremy Saunders <jeremy.saunders@xxxxxxxxxxx>
> Hi All,
> 
> Helping out a friend who uses Samba, and they have asked me to lock down
> their Windows 2003 Terminal Servers, so I'm trying to use good old Poledit.
> No matter what I've tried I cannot get the policy to apply to a "group"
> object, even though it matches.
> 
> For example, the userenv.log shows this...
> 
> ApplySystemPolicy: Entering
> ApplySystemPolicy:  PolicyPath is: <\\ts02\lockdown$\TS.pol>.
> ApplySystemPolicy:  Local PolicyPath is: <C:\Documents and
> Settings\testuser1\prf1.tmp>.
> MyRegLoadKey: Returning 00000000
> ApplySystemPolicy:  Looking for user specific policy.
> OpenUserKey:  No entry for testuser1, using .Default instead.
> ApplySystemPolicy:  Processing group(s) policy.
> GetUserGroups: User is a member of the following global groups:
> GetUserGroups:
> GetUserGroups:     tsusers
> ApplySystemPolicy:  User belongs to 2 groups.
> FindGroupInList:  User is NOT a member of the tsusers group.
> FindGroupInList:  User is NOT a member of the Administrators group.
> ApplySystemPolicy:  Looking for machine specific policy.
> OpenUserKey:  Found specific entry for TS02 ignoring .Default.
> 
> Now the Samba domain tsusers group is a member of the local Remote Desktop
> Users group on the Terminal Servers. And the testuser1 is definitely a
> member of this group, so it's weird that it's telling me that the "User
> is NOT a member of the tsusers group". I wonder if this is a Samba thing?
> 
> It's been years since I've needed to use poledit. Is there some trick I
> need to follow to get it to work in this environment?
> 
> I guess that I can try to create a local tsusers group and place the Samba
> tsusers group in that.
> 
> Any advice would be greatly appreciated.
> 
> Cheers.
>                                                                 
>  Kind regards,                                                  
>                                                                 
>  Jeremy Saunders                                                
>  Senior Technical Specialist                                    
>                                                                 
>  Infrastructure Technology Services                             
>  (ITS) & Cerulean                                               
>  Global Technology Services (GTS)                               
>  IBM Australia                                                  
>  Level 1, 1060 Hay Street                                       
>  West Perth  WA  6005                                           
>                                                                 
>  Postal: PO Box 525, West Perth WA                              
>  6872                                                           
>                                                                 
>  Visit us at                                                    
>  http://www.ibm.com/services/au/its                             
>                                                                 
>  P:  +61 8 9261 8412                F:  +61 8 9261 8486         
>  P:  (Reception) +61 8 9261 8420    E-mail:                     
>  M:  TBA                            jeremy.saunders@xxxxxxxxxxx 
>
> ***********************
> You can unsubscribe from gptalk by sending email to 
> gptalk-request@xxxxxxxxxxxxx 
> with 'unsubscribe' in the Subject field OR by logging into the freelists.org 
> Web 
> interface. Archives for the list are available at 
> //www.freelists.org/archives/gptalk/
> ************************
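
Added example (not part of the original posts): a Python sketch that reads a userenv.log excerpt like the one quoted above and flags any group that GetUserGroups resolved for the user but FindGroupInList then rejected, which is the mismatch described in the question. The sample lines are copied from the post; the function name and result keys are assumptions of this example.

```python
import re

# Constructed sample: lines copied from the userenv.log excerpt quoted in the post.
SAMPLE_LOG = """\
ApplySystemPolicy:  Looking for user specific policy.
OpenUserKey:  No entry for testuser1, using .Default instead.
ApplySystemPolicy:  Processing group(s) policy.
GetUserGroups: User is a member of the following global groups:
GetUserGroups:
GetUserGroups:     tsusers
ApplySystemPolicy:  User belongs to 2 groups.
FindGroupInList:  User is NOT a member of the tsusers group.
FindGroupInList:  User is NOT a member of the Administrators group.
ApplySystemPolicy:  Looking for machine specific policy.
"""

GROUP_LINE = re.compile(r"GetUserGroups:\s*(.*)$")
REJECTED = re.compile(r"FindGroupInList:\s+User is NOT a member of the (.+) group\.")
FALLBACK = re.compile(r"OpenUserKey:\s+No entry for (\S+), using \.Default instead")

def analyze(log_text):
    """Compare the groups userenv resolved with the policy groups it rejected."""
    resolved, rejected, fallback_users = [], [], []
    for line in log_text.splitlines():
        # search() rather than match(), so any prefix before the function name is tolerated
        m = GROUP_LINE.search(line)
        if m:
            name = m.group(1).strip()
            # Skip the header line and the empty spacer line
            if name and not name.startswith("User is a member"):
                resolved.append(name)
            continue
        m = REJECTED.search(line)
        if m:
            rejected.append(m.group(1))
            continue
        m = FALLBACK.search(line)
        if m:
            fallback_users.append(m.group(1))
    resolved_ci = {g.lower() for g in resolved}
    # Resolved for the user, yet rejected by the policy group match (compared case-insensitively)
    contradictions = [g for g in rejected if g.lower() in resolved_ci]
    return {"resolved": resolved, "rejected": rejected,
            "contradictions": contradictions, "fallback_users": fallback_users}

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

A non-empty "contradictions" list together with an entry in "fallback_users" means the group lockdown policy was skipped and the user received the .Default policy instead.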
