+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 19
How do you do....it? Thread, TS on a CC3 domain in Technical; We've just set up TS and got all the settings how we want except I need to be able to ...
  1. #1

    Hightower's Avatar
    Join Date
    Jun 2008
    Location
    Cloud 9
    Posts
    4,920
    Thank Post
    494
    Thanked 690 Times in 444 Posts
    Rep Power
    242

    TS on a CC3 domain

    We've just set up TS and got all the settings how we want except I need to be able to do two things.

    First - Map shared network areas to a drive letter (as this isn't picked up as part of profile for some reason) : The home area is mapped to N: though as expected.

    Second - Hide and prevent access to local drives C:, E: and F:

    Help please

  2. #2
    meastaugh1's Avatar
    Join Date
    Jul 2006
    Location
    London/Hertfordshire
    Posts
    893
    Thank Post
    70
    Thanked 85 Times in 70 Posts
    Rep Power
    33
    If you haven't already done so, create a GPO and link it to the OU containing the terminal server. Use loopback policy processing to configure user settings:
    Microsoft Corporation

    You can add a vbscript (or similar) logon script to map drives: Mapping Network Drives - EduGeek.net Wiki

    To hide drives, configure the settings in the aforementioned GPO with loopback policy processing: Using Group Policy Objects to hide specified drives

    I've used this printer logon script to handle terminal services sessions.

  3. Thanks to meastaugh1 from:

    Hightower (2nd July 2008)

  4. #3

    Hightower's Avatar
    Join Date
    Jun 2008
    Location
    Cloud 9
    Posts
    4,920
    Thank Post
    494
    Thanked 690 Times in 444 Posts
    Rep Power
    242
    Would this not apply the GPO to all servers in that OU?

  5. #4
    meastaugh1's Avatar
    Join Date
    Jul 2006
    Location
    London/Hertfordshire
    Posts
    893
    Thank Post
    70
    Thanked 85 Times in 70 Posts
    Rep Power
    33
    If you are sticking your TS computer accounts in with the DC accounts, then yes they will all get the loopback policy, assuming default permissions.

    I'd advise you to create a new OU with inheritance blocked. You can then link the policies you want/need to this new OU.
    I believe it's default for CC3 to have an OU structure of Domain Controllers>Establishments>ABC>Servers - No Inheritance. I created an OU called Terminal Servers within the Servers - No Inheritance OU.

  6. #5

    Hightower's Avatar
    Join Date
    Jun 2008
    Location
    Cloud 9
    Posts
    4,920
    Thank Post
    494
    Thanked 690 Times in 444 Posts
    Rep Power
    242
    Legend! Sorted it

  7. #6

    Hightower's Avatar
    Join Date
    Jun 2008
    Location
    Cloud 9
    Posts
    4,920
    Thank Post
    494
    Thanked 690 Times in 444 Posts
    Rep Power
    242
    Ok then, so I was all hunkey dorey with my new TS until I thought "well what if I tweak this"

    So a test user tries to load up 'Word' for instance (or any other app) and this warning appears

    Open File - Security Warning

    The publisher could not be verified - are you sure you want to run this software?

    Now the user can click 'Run' or 'Cancel' - If 'Run' is clicked the app loads fine. It's just a bit tedious to click everytime - anyway to stop it?

  8. #7
    meastaugh1's Avatar
    Join Date
    Jul 2006
    Location
    London/Hertfordshire
    Posts
    893
    Thank Post
    70
    Thanked 85 Times in 70 Posts
    Rep Power
    33
    I think I have had this while I was experimenting with different policy settings.

    Presumably you are logging on a with a standard CC3 user? Are you running loopback in merge or replace mode?

  9. #8

    Hightower's Avatar
    Join Date
    Jun 2008
    Location
    Cloud 9
    Posts
    4,920
    Thank Post
    494
    Thanked 690 Times in 444 Posts
    Rep Power
    242
    Standard CC3 user - Loopback in Replace I believe (can't deffo remember off the top of my head)

  10. #9

    Hightower's Avatar
    Join Date
    Jun 2008
    Location
    Cloud 9
    Posts
    4,920
    Thank Post
    494
    Thanked 690 Times in 444 Posts
    Rep Power
    242
    Which one should I be using? Replace or Merge?

  11. #10
    meastaugh1's Avatar
    Join Date
    Jul 2006
    Location
    London/Hertfordshire
    Posts
    893
    Thank Post
    70
    Thanked 85 Times in 70 Posts
    Rep Power
    33
    I'd recommend Replace. I did try Merge to minimise having duplicate policies (CC3 GPOs and vanilla GPOs), but this incurred significant performance issues.

  12. #11

    Hightower's Avatar
    Join Date
    Jun 2008
    Location
    Cloud 9
    Posts
    4,920
    Thank Post
    494
    Thanked 690 Times in 444 Posts
    Rep Power
    242
    What would be the problem if I created this GPO and it started replicating to the rest of the CC3 network?

  13. #12
    meastaugh1's Avatar
    Join Date
    Jul 2006
    Location
    London/Hertfordshire
    Posts
    893
    Thank Post
    70
    Thanked 85 Times in 70 Posts
    Rep Power
    33
    Can you elaborate on what you mean? Are you talking about applying your policy across the domain?

  14. #13

    Hightower's Avatar
    Join Date
    Jun 2008
    Location
    Cloud 9
    Posts
    4,920
    Thank Post
    494
    Thanked 690 Times in 444 Posts
    Rep Power
    242
    Lets say I had a TS in Computers within an OU called 'TS'. This TS had it's own GPO (as recommended) which was set up in merge mode.

    Why would it apply that GPO to other machines too? The TS is the only machine in the TS folder

  15. #14
    meastaugh1's Avatar
    Join Date
    Jul 2006
    Location
    London/Hertfordshire
    Posts
    893
    Thank Post
    70
    Thanked 85 Times in 70 Posts
    Rep Power
    33
    By having it in merge mode, when a CC3 user logs on to terminal server, they will also pick up all the RM user GPOs. I'd recommend Replace mode, it does require a bit more work, but as I mentioned I had problems in Merge mode (specifically on the terminal server).

    It wouldn't affect other machines if it's only applied to the TS OU. I was a bit confused by this
    What would be the problem if I created this GPO and it started replicating to the rest of the CC3 network?

  16. #15

    Hightower's Avatar
    Join Date
    Jun 2008
    Location
    Cloud 9
    Posts
    4,920
    Thank Post
    494
    Thanked 690 Times in 444 Posts
    Rep Power
    242
    No problems - thanks for your help

    I just wanted to make sure before I started tinkering. I've changed one thing (remove search from start) just to check and everything seems to be working fine.

    Still having problems with the Unknown Publisher - Do you want to run this?



SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. WOL Whole Domain
    By RobFuller in forum Windows
    Replies: 6
    Last Post: 4th June 2010, 11:25 AM
  2. Domain Name
    By TechSupp in forum *nix
    Replies: 1
    Last Post: 23rd January 2008, 04:58 PM
  3. Replies: 3
    Last Post: 10th April 2007, 09:40 AM
  4. 1 Domain + 1 domain + syncronised users = possible?
    By tarquel in forum Wireless Networks
    Replies: 52
    Last Post: 30th October 2006, 03:08 PM
  5. Replies: 15
    Last Post: 15th September 2006, 10:01 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •