[gptalk] Re: Custom ADM policy for Terminal Services sessions only

  • From: "Jakob H. Heidelberg" <jhh@xxxxxxxxxxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Sat, 12 Apr 2008 09:10:09 +0200

Hi Scott,

 

My first choice would be to use Group Policy Preferences (GPP) - ADMs are
history J

 

You can use Item Level Targeting to make sure the printers are mapped to the
users only on given computers.

 

To read more on GPP you could check out these articles:

http://www.windowsecurity.com/articles/Group-Policy-related-changes-Windows-
Server-2008-Part3.html

http://www.windowsecurity.com/articles/Group-Policy-related-changes-Windows-
Server-2008-Part4.html

 

I hope that helps out - good luck!

 

 

Best regards

 

Jakob H. Heidelberg

MVP:Enterprise Security

 

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Scott Bailey
Sent: 12. april 2008 04:03
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Custom ADM policy for Terminal Services sessions only

 

Hello All,

I have created a custom ADM file for mapping network printers for our
Windows 2003 terminal services.

 

1. I want the policy to only get applied to the terminal services sessions
and not the workstations the end users is logging on to. It is currently
doing both.

2. Is there a way to modify the KEYNAME using the GPMC instead of coding it
in the ADM file for future need of printer change outs.

I have 4 different printers so I have 4 ADM files, I cannot use loopback
processing.

 

Thanks for any input on this!

 

===================================

CLASS USER
CATEGORY "Windows Components"
CATEGORY "Terminal Services"
CATEGORY "Custom Installed Printers"

 

KEYNAME "Software\Microsoft\Windows NT\CurrentVersion\Windows"

 

POLICY "PrinterName"

 

 #if version >= 4
 SUPPORTED !!TS_SUPPORTED_Win2k3_Sp1
 #endif

 

EXPLAIN !!PrinterDef
   PART "Default Printer"
   EDITTEXT
   DEFAULT " <file:///\\server\PrinterName,winspool,Ne11>
\\Server\PrinterName,winspool,Ne11:"
   VALUENAME "Device"
   END PART

 

   KEYNAME "Printers\Connections\,,Server,PrinterName"
   PART "Provider"
   EDITTEXT
   DEFAULT "win32spl.dll"
   VALUENAME "Provider"
   END PART

 

   PART "Server"
   EDITTEXT
   DEFAULT " <file:///\\server\> \\Server"
   VALUENAME "Server"
   END PART


END POLICY
END CATEGORY
END CATEGORY
END CATEGORY

 

[strings]
User="User"
TS_SUPPORTED_Win2k3_Sp1="At least Microsoft Windows Server 2003 with SP1"
PrinterDef="Definition

DISCLAIMER:
This electronic mail message and any attached files contain information
intended for the exclusive use of the intended addressee and may contain
information that is proprietary, privileged, confidential and/or exempt from
disclosure under applicable law. If you are not the intended recipient, you
are hereby notified that any viewing, copying, disclosure or distribution of
this information may be subject to legal restriction or sanction. Please
notify sender if you are an unintended recipient and delete the original
message without making copies. Thank you.

Other related posts:

  1. Home
  2. gptalk
  3. Archive
  4. 04-2008