No, because this GPO must be linked to the OU which contains your
Terminal Server, not to a OU that contains your user accounts. Note
that the setting is in the Computer Configuration area, not in the
User Configuration area!
You set permissions on the Security tab of the GPO.
816100 - How To Prevent Domain Group Policies from Applying to
Administrator Accounts and Selected Users in Windows Server 2003
http://support.microsoft.com/?kbid=816100
Recommended reading:
260370 - How to Apply Group Policy Objects to Terminal Services
Servers
http://support.microsoft.com/?kbid=260370
231287 - Loopback Processing of Group Policy
http://support.microsoft.com/?kbid=231287
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
Post by SWThanks, where is "Deny" for the right to "Apply this policy"?
Am I wrong in saying that if all the admins are in a different
OU then this "Deny" for the right to "Apply this policy" will
not need to be set?
Thanks
S
Post by Vera Noest [MVP]You can use this setting in a GPO which is linked to the OU
Computer Configuration\Administrative Templates\Windows
Components \Terminal Services
"Allow users to connect remotely using Terminal Services"
Make sure that you set the security of the GPO for
Administrators to "Deny" for the right to "Apply this policy",
otherwise you lock yourself out as well.
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
Post by SWHi, we use RDC to connect to our servers, but we only want
admins to have it.
I know only admins can log in, my I just don't want them
(users) to try.
Can I block them or is there a GPO which lets me remove it?
Thanks
S