Terminal server installed on a WIndows 2000 DC – GPO question

pts.
Tags:
Access control
Browsers
DataCenter
filtering
Networking
Servers
SSL/TLS
Web security
I have a Windows 2000 Domain controller with Terminal Server installed on it. I understand that running TS on a DC is not recommended, but I have to use what I have available. My question is how do I lockdown a user with a GPO when they log on remotely and not when they log in over the LAN. I would like one GPO to be applied when the user logs in from the office and another when they log in from offsite. Thanks for you help.

Answer Wiki

Thanks. We'll let you know when a new response is added.

Could you take advantage of slow link detection settings on the GPO to set the threshold for the application of the machine and user policies higher assuming the remote connections are not high speed? default is 500 KB I think.

Discuss This Question: 3  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Ladrick
    I have found in my experience that running TS in a windows 2000 domain can only be done on the DC otherwise you will have all sorts of troubles especially with TS CALS... Why dont you make just make it local group policy.
    0 pointsBadges:
    report
  • RicFer
    Listen, If you are runnig TS on a DC, it means you're running it in administration mode, wich is not recomended because useres will still have administration priviledeges thoug they're part of a GPO. I strongly advise to run TS on a different server. The only inconvient is you have to buy a extra license of Windows 2000/2003 server and of course the TS cal. Best regards
    0 pointsBadges:
    report
  • Gstornelli
    If you are running Windows 2000 Server (not Windows 2003), it is not necessary to leave terminal services in administration mode. You can enable full Terminal Server mode with no problems. You can make sure that the server is in the Active Directory "Domain Controllers" group. Then you can set the "user" section of the default domain controllers policy to lock down users. Terminal Server Client Access Licenses for Windows 2000 are included in Windows 2000 and Windows XP. You would need to purchase TS Cals for Windows 95/98/me clients, if you have any who need to access the terminal server. I ran a Windows 2000 terminal server with about 20 users, and Exchange 2000 for a few years. Just be sure that you have plenty of memory (2GB worked well for my server).
    0 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following