Terminal Services

[3aFaReeT]

Dear All,

We've recently installed Terminal Services Licensing on our Domain controller and the Terminal Service on to another server as application mode in order to login to it using specific users from our active directory to access an Application.

The Problem:

Any user from our active directory is able to login to that server

Requirement:

Only Specific users or Groups (OU) must login to that server.

Solution Found:

At each user level in the active directory there is a tab called (Terminal Services Profile) in which allow logon to terminal server is Checked? by un-checking it the user will not be able to login to that server.

BUT!!! Doing this excessive for 400+ users is headache..

Can anyone guide me in how to achieve this task in which ever way?

I'm very new to Terminal Services

I hope my explanation is clear... incase of any questions i'll be back to the net after an hour and a half

regards... and thanks alot to all of you

[OPaul]

Can you separate them into 2 different groups and then assign one group the ability to log on and the other not?

[randy_tho]

Can you separate them into 2 different groups and then assign one group the ability to log on and the other not?

585937090[/snapback]

Thats what I was thinking but it's kind of dirty. You also will probably want to make 2 new under your OIB.

My knowledge is limited on AD, GP but I'm trying to learn.

[Billprozac]

In order to log onto the TS server, you have to have the logon locally permission. Chances are, you assigned that permissionto the Domain Users Group in order to get things working. Change that to include an new OU called TSusers and remove domain users, then add just the users to that group.

Btw, Domain Users may be a part of a local group that is allowed the log-on-locally permission, so you may have to hunt.

Edited May 18, 2005 by Billprozac