|
There is a way to set a policy settin seperately for the users.
see
kb293655
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan DeStefano Sent: Tuesday, June 21, 2005 8:12 AM To: [email protected] Subject: [ActiveDir] Lock down server not in a domain using GPO We have a terminal server we would
like to use for clients to access some of our data that they need and this
server should be locked-down so the clients can only do what they need. The
problem is that management would rather this server not be a member of our
domain so we cannot use AD GPOs to lock the server down. I looked into using
local policies to lock down the machine, but found out that they would also
affect the administrator account unless that group/account is denied ‘read’
permissions to the “..\system32\grouppolicy” folder. However, would this not
deny editing of the policies in the folder as well. It has been suggested that we create
a new AD domain solely for use with this terminal server. Is this a good idea? I
tend to think this is too much solution. Can anyone make any suggestions on
the best way to accomplish our goals? Thank you in
advance, _________________________ PC Support
Specialist |
- RE: [ActiveDir] Lock down server not in a domain... Cothern Jeff D. Team EITC
- RE: [ActiveDir] Lock down server not in a d... Darren Mar-Elia
