How to lock windows 2000 Terminal Server sessions

Source: Internet
Author: User
Document directory
  • The information in this article applies:
Summary

On a Windows 2000-based computer, you can use the Group Policy to lock the Terminal Server session. After the following settings are performed, access to the Administrator account is restricted. We strongly recommend that you create a new organizational unit instead of modifying the policy of an existing organizational unit.

Note:: Using these policies does not guarantee computer security. They can only be used as a general guide. More information

Use "Active Directory users and computers" to create a new organization unit (OU ). Right-click the ou and clickAttributeAnd thenGroup PolicyClickNew policy. Use the following settings to edit this policy:

  • [Computer Configuration \ management template \ System \ group policy]

    Enable the following settings:

    Processing Method of inverse User Group Policy

  • [Computer Configuration \ Windows Settings \ Security Settings \ Local Policies \ Security Options]

    Enable the following settings:

    Do not display the username of the Last Logon on the logon screen
    CD-ROM is accessible only to locally logged-on users
    Only Local login users can access the floppy disk

  • [Computer Configuration \ management template \ Windows component \ Windows Installer]

    Enable the following settings and set itAlways:

    Disable Windows Installer

  • [User Configuration \ Windows Settings \ Folder Redirection]

    Enable the following settings:

    Application Data
    Desktop
    My Documents
    "Start" menu

  • [User Configuration \ management template \ Windows component \ Windows Resource Manager]

    Enable the following settings:

    Delete ing network drive and disconnect network drive"
    Delete Search button from Windows Resource Manager
    Disable Windows resource manager's default context menu
    Hide the "manage" project in the context menu of Windows Resource Manager
    Hide these specified drives in my computer(Enable this setting for drive a to drive D .)
    Prevent access to the drive from my computer(Enable this setting for drive a to drive D .)
    Hide the hardware Tab

  • [User Configuration \ management template \ Windows component \ Task Scheduler]

    Enable the following settings:

    Prevents tasks from running or stopping
    Disable "create new task"

  • [User Configuration \ management template \ taskbar and Start Menu]

    Enable the following settings:

    Disable and delete the "Windows Update" Link
    Delete A public program group from the Start Menu
    Disable programs on the settings menu
    Delete "network and dial-up connections" from the "Start" menu"
    Delete the search menu from the Start Menu
    Delete the "help" command from the "Start" menu
    Delete the "run" menu from the "Start" menu
    Add "logout" to the "Start" menu
    Disable and delete the "shutdown" command
    Do not change the settings of the "Taskbar and" start "menu

  • [User Configuration \ management template \ Desktop]

    Enable the following settings:

    Hide the "Network Neighbor" icon on the desktop
    Prohibit users from changing the path of "My Documents"

  • [User Configuration \ management template \ Control Panel]

    Enable the following settings:

    Disable Control Panel

    Important: After this setting is enabled, the administrator cannot install any MSI package on the terminal server even if the explicit "deny" permission is set for the Administrator account.

  • [User Configuration \ management template \ System]

    Enable the following settings:

    Disable Command Prompt(SetDisable scriptsSetNo)
    Disable registry editing tool

  • [User Configuration \ management template \ System \ login/logout]

    Enable the following settings:

    Disable Task Manager
    Disable "lock computer"

For information about locking Windows Server 2003 Terminal Server sessions, visit the following web page:

Http://www.microsoft.com/downloads/details.aspx? Familyid = 7f272fff-9a6e-40c7-b64e-7920e6ae6a0d & displaylang = en

The information in this article applies:
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
Latest updates: 2004-6-16 (4.0)
Keywords: Kbhowto kbnetwork kb278295

Microsoft and/or its suppliers do not declare the applicability of files published on the server and the information contained in the graphics for any purpose. All such documents and related figures are provided "in accordance with the sample" without warranty of any nature. Microsoft and/or its suppliers hereby declare that they shall not be liable for all warranties and conditions relating to such information, such warranties and conditions include all implied warranties and conditions regarding merchantability, conformity with specific purposes, ownership and non-infringement. In all circumstances, in any lawsuit arising from or relating to the use or operation of information on the server, microsoft and/or its suppliers shall not be liable for any special, indirect or consequential losses or any type of losses caused by loss of use, data or profit, whether such litigation is a contract lawsuit, negligence or other infringement lawsuit.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.