GPO locking down terminal server


We want to lock users from redirecting the local machine (i.e. printer, drive, clipboard, etc.) while allowing others/admin/owner to be able to do so. We have set the GPO as in the white papers, and lockdown is working for the not allowed users. We have set loopback on the OU of the terminal server. Thank you.

Hi,

You can use a GPO to disable\enable Device and Resource Redirection:

Group Policy: Computer Configuration \ Administrative Templates \ Windows Components \ Remote Desktop Services \ Remote Desktop Session Host \ Device and Resource Redirection

Then you can link the GPO to an AD group to disable Device and Resource Redirection, and members of a specific AD group are refused to inherit the group policy. This distinguishes between allowed and not allowed Device and Resource Redirection.

 

More information:

Group Policy settings and configuring the client experience:

http://technet.microsoft.com/en-us/library/ff710512(ws.10).aspx

I will explain the solution in detail. Please refer to the following items.

You can create a lockdown policy (named: lockdown) with loopback processing set to Replace, linked to the OU that contains the RDS servers. The lockdown policy disables Device and Resource Redirection for the Authenticated Users group. You can enable Device and Resource Redirection for members of a specific AD group (others/admin/owner).

 

1. You can create a group (named: A) for the specific users (others/admin/owner), and add the specific users to the group.

2. In Group Policy Management, click the lockdown policy. You can find the Delegation area in the right panel. Please add the A group to Groups and users, select the group and press the Advanced button.

3. In the lockdown Security Settings, select the A group, clear all of Allow, and select Apply group policy - Deny. Press OK.

4. Run gpupdate /force in a command prompt on the server and client.

Hope it helps.

 


technology changes life……
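
Steps 1 to 4 of the answer above can also be scripted. The PowerShell below is an added example, not part of the original answer; it assumes the RSAT GroupPolicy and ActiveDirectory modules, the names lockdown and A from the post, and hypothetical member accounts.

```powershell
# Added example (not from the original post). Run as an account that may edit
# the GPO, on a host with the RSAT GroupPolicy and ActiveDirectory modules.
Import-Module GroupPolicy, ActiveDirectory

$GpoName   = 'lockdown'              # GPO name used in the post
$GroupName = 'A'                     # group name used in the post
$Members   = @('jdoe', 'rdsadmin')   # hypothetical accounts allowed to redirect

# Sanity check: loopback should be Replace (UserPolicyMode 2; 1 is Merge).
$key = 'HKLM\Software\Policies\Microsoft\Windows\System'
try {
    $mode = (Get-GPRegistryValue -Name $GpoName -Key $key `
             -ValueName 'UserPolicyMode' -ErrorAction Stop).Value
} catch { $mode = $null }
if ($mode -ne 2) {
    Write-Warning "Loopback processing is not set to Replace in '$GpoName'."
}

# Step 1: create the group if it does not exist, then add the users.
if (-not (Get-ADGroup -Filter "Name -eq '$GroupName'")) {
    New-ADGroup -Name $GroupName -GroupScope Global -GroupCategory Security
}
Add-ADGroupMember -Identity $GroupName -Members $Members

# Steps 2-3: Set-GPPermission has no Deny level, so the Deny ACE for the
# "Apply Group Policy" extended right goes on the GPO's AD object directly.
$gpo     = Get-GPO -Name $GpoName
$group   = Get-ADGroup -Identity $GroupName
$adPath  = "AD:\$($gpo.Path)"
$applyGp = [guid]'edacfd8f-ffb3-11d1-b41d-00a0c968f939'   # Apply Group Policy
$deny = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
    $group.SID,
    [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight,
    [System.Security.AccessControl.AccessControlType]::Deny,
    $applyGp)
$acl = Get-Acl -Path $adPath
$acl.AddAccessRule($deny)
Set-Acl -Path $adPath -AclObject $acl

# Confirm the Deny entry is present before relying on it.
(Get-Acl -Path $adPath).Access |
    Where-Object { $_.AccessControlType -eq 'Deny' -and $_.ObjectType -eq $applyGp } |
    Select-Object IdentityReference, ActiveDirectoryRights, AccessControlType

# Step 4: refresh policy on this machine; repeat on the RDS server and client.
gpupdate /force
```

Users added to the group need a fresh logon on the RDS server before the changed filtering shows up in their session; `gpresult /r` run in that session lists which GPOs were applied or filtered out.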

