Terminal server installed on a Windows 2000 DC – GPO question
I have a Windows 2000 Domain controller with Terminal Server installed on it. I understand that running TS on a DC is not recommended, but I have to use what I have available. My question is how do I lock down a user with a GPO when they log on remotely and not when they log in over the LAN. I would like one GPO to be applied when the user logs in from the office and another when they log in from offsite. Thanks for your help.

ASKED: February 10, 2006  2:43 PM
UPDATED: February 14, 2006  9:42 AM

Answer Wiki:
Could you take advantage of slow link detection settings on the GPO to set the threshold for the application of the machine and user policies higher, assuming the remote connections are not high speed? The default is 500 KB, I think.
Last Wiki Answer Submitted: February 11, 2006 10:19 pm by Gfarrar


Discuss This Question:


 

I have found in my experience that running TS in a Windows 2000 domain can only be done on the DC, otherwise you will have all sorts of troubles, especially with TS CALs…

Why don't you just make it a local group policy?

 0 pts.

 

Listen,
If you are running TS on a DC, it means you’re running it in administration mode, which is not recommended because users will still have administration privileges though they’re part of a GPO. I strongly advise running TS on a different server. The only inconvenience is you have to buy an extra license of Windows 2000/2003 Server and of course the TS CAL.
Best regards

 0 pts.

 

If you are running Windows 2000 Server (not Windows 2003), it is not necessary to leave terminal services in administration mode. You can enable full Terminal Server mode with no problems.

You can make sure that the server is in the Active Directory “Domain Controllers” group. Then you can set the “user” section of the default domain controllers policy to lock down users.

Terminal Server Client Access Licenses for Windows 2000 are included in Windows 2000 and Windows XP. You would need to purchase TS CALs for Windows 95/98/Me clients, if you have any who need to access the terminal server.

I ran a Windows 2000 terminal server with about 20 users, and Exchange 2000 for a few years. Just be sure that you have plenty of memory (2GB worked well for my server).

 0 pts.