Hello! We recently had to figure out how to use Group Policy to automate allowing groups of users to have Terminal Server access to different sets of hosts, either as a local user or local administrator. Not being a Windows Administrator of much experience, it took me a while to figure out all the knobs that needed tweaking.
The basic results are: Computers go in an OU named after their role (say, "Webservers") Users go in two groups, "Webserver Users" and "Webserver Admins" Group Policy sets the local Remote Desktop Users and Administrator groups, along with the "Log on through Terminal Services" and "Log on through the Console" rights. Once it's running, you pretty much just need to move the computer into the right part of the tree after joining the domain, and all the right access controls will cascade. The process is documented here: http://blog.hjksolutions.com/articles/2007/07/19/six-steps-to-automated-user-access-control-for-windows I would love any feedback, or alternate ways to achieve the same net effect. Thanks! Adam -- HJK Solutions - We Launch Startups - http://www.hjksolutions.com Adam Jacob, Senior Partner T: (206) 508-4759 E: [EMAIL PROTECTED]
