terminal server and gpo

Access control
Application security
Business/IT alignment
Career Development
Current threats
Data analysis
Digital certificates
Disaster Recovery
Exchange security
human factors
Identity & Access Management
Incident response
Instant Messaging
Intrusion management
Microsoft Exchange
Network security
Partner facing
PEN testing
Platform Security
Project management
Risk management
Secure Coding
Security Program Management
Security tokens
Single sign-on
vulnerability management
Web security
i have a server 2003 that configure as a terminal server, and i want implement a strict acess to this server from client (xp pro) to that server, i create ou that called "for terminal users" and create for that ou a gpo, now,, i want to know how should i change the gpo to achive the next goals: 1. all user that connect to the terminal will get a same desktop and same icons. but i want that when the same user's connect to them xp they get a cusomize icon and desktop as they wish 2 how i redirect my document's of users to server? 3 can i apply a gpo to some user in the "for terminal users" ou and in the same time apply other gpo to that users' ? there is no conflict? 4 how i configure outlook for users that when they connect to the terminal the outlook will open up like they in the desktop ? thanks a lot dror

Answer Wiki

Thanks. We'll let you know when a new response is added.

I have been using a program called ScriptLogic that addresses what you wish to accomplish. I am able to set up desktops, outlook settings and other profile type settings that you can customize by user, groups, and even the type of login source (OS, workstation, server, etc… )

Check it out at ScriptLogic.com. I am not a representative of the company. I have just been very pleased with how this program has made managing my network so easy!

A lot of the settings in ScriptLogic can be configured via login scripts and roaming profiles. This program, I have found, is the best way to simplify managing login tasks.


Discuss This Question: 1  Reply

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.
  • Petroleumman
    Hello, ScriptLogic is a great software solution that will tackle most of your needs very easily without a doubt. It's certainly worth the investment. Now if you don't have a budget for ScriptLogic, there are ways to accomplish what you want to do without it. First the users desktop environment. You can accomplish this task by creating either a roaming or mandatory profile and assigning it as the users Terminal Services profile. Assign TS profiles on the users propertie sheet, Terminal Services Profile tab. When choosing a profile type (roaming or mandatory) remember that a mandatory profile forces everyone to use the same settings (desktop icons, shortcuts etc.)without the ability to permanently change them. A roaming profile will allow each user to customize there desktops. Folder redirection can be accomplished using custom logon scripts which can be assigned to each user in AD, or through GP settings. Do a search using keyword folder redirection and you should find several postings describing how to do this. Group Policy is applied to objects such as a computer, an OU, a domain or site but not on a per user basis. This being said, it is possible to assign multiple GPO's to an OU but you will not be able to pick and choose which users belonging to that OU will recieve the policy. Depending on what your trying to accomplish through GP, you may be able to accomplish your goal through the use of IPSec policy. IPSec can be applied to user groups which gives you more granularity in how they are applied. Create user groups within the OU and create a seperate policy to control each group. Outlook profiles can be configured to use your company's Exchange server as the source of the profile. Configuring Outlook in Exchange Server mode leaves all of the users messages, folders etc. on the server making it available to a user from any computer on the network unlike profiles that download messages off of the server to the local computer. You can include Outlook as part of your roaming profile configuration. There is just not enough space to walk you through set up of each of the above solutions, but if you do your homework you will find tons of great information on line to help you. One bit of advice, make sure you take some time and plan out exactly what you want to do and research the best way to get it done. You can get in over your head real fast if your not familiar with what your doing. Good luck!
    0 pointsBadges:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

Thanks! We'll email you when relevant content is added and updated.


Share this item with your network: