MSTerminalServices.org Forums


How to disable internet access from a Terminal Server 2003

Tacobell2000




Joined: Feb 07, 2008
Posts: 2



(Msg. 1) Posted: Thu Feb 07, 2008 4:00 pm
Post subject: How to disable internet access from a Terminal Server 2003

Hello,

I am managing a domain with many servers, two of which are terminal servers. Many users use remote desktop and connect to the terminal server. The terminal server has 2 accounting apps that users rely on to do their jobs. Unfortunately, these accounting apps only run if users are local administrators. There is no way around that. As a consequence, I made the accounting group local administrators of 2 Terminal servers. To tighten security I created an OU "Terminal Servers" and moved both Terminal Servers to the OU. I then created a GPO and named it Loopback. I checked "Disable User Configuration Settings" and enabled "User Group Policy loopback processing mode". I set the Mode to "Replace".
Then I created another GPO under the "Terminal Servers" OU and called it "Disable Internet Access". I then put a bogus proxy server under User Configuration-IEM-Connections/Proxy Settings.
I did a gpupdate /force on the PDC and on both Terminal Servers. I logged off and logged back on with a Test user account and the test user is able to go onto the internet from the terminal server.
I would like all internet access blocked from a Terminal Server for all users.
I want all users to have access to the internet from their Desktops.
How do I accomplish this using a GPO?

Tacobell2000
vera_noest




Joined: May 27, 2007
Posts: 202

Location: Sweden

(Msg. 2) Posted: Thu Feb 07, 2008 5:43 pm
Post subject:

First of all: I've yet to encounter an application which requires the users to be Administrators. Check here for a method to make them normal users again and only give them permissions on the registry keys and folders that they need:

My application runs fine for Administrators, but not for normal users

About your GPOs: have you disabled the Computer Configuration settings in your Internet GPO?

Run RSoP (Resultant Set of Policies) to see which GPOs are applied to your test user when logging in to the TS.
Tacobell2000




Joined: Feb 07, 2008
Posts: 2



(Msg. 3) Posted: Fri Feb 08, 2008 10:34 pm

Thanks for the reply. I will test this weekend what you wrote about. And yes I have disabled Computer configuration settings on the internet access GPO.
pie8ter




Joined: Feb 24, 2008
Posts: 5



(Msg. 4) Posted: Sun Feb 24, 2008 2:38 pm

Why bother with all the GPO?

I also have to deal with applications that MUST have local admin rights.

How about blocking the internet access to those two terminal servers at the firewall? No matter what privilege users have on the terminal server, they can't get to internet if the firewall blocks all traffic from the terminal servers to the internet.
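
An added check for the GPO setup described in Msg. 1 and the RSoP advice in Msg. 2, not posted by anyone in the thread: a batch script to run on the terminal server while logged on as the test user. It assumes the standard registry locations for the loopback mode and the Internet Explorer proxy, and uses the GPO name given in Msg. 1.

```bat
@echo off
rem Added example. Run on the terminal server while logged on as the test user.
setlocal
set "POLKEY=HKLM\Software\Policies\Microsoft\Windows\System"
set "IEKEY=HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"

rem 1. Loopback mode lands in the computer half of the registry.
rem    UserPolicyMode: 0x1 = Merge, 0x2 = Replace, absent = not configured.
set "MODE="
for /f "tokens=3" %%A in ('reg query "%POLKEY%" /v UserPolicyMode 2^>nul ^| findstr /i "UserPolicyMode"') do set "MODE=%%A"
if not defined MODE (
    echo [FAIL] Loopback processing is not configured on this computer.
) else if /i "%MODE%"=="0x2" (
    echo [ OK ] Loopback processing mode is Replace.
) else (
    echo [WARN] Loopback processing mode is %MODE%, expected 0x2 for Replace.
)

rem 2. The IEM proxy setting lands in the user's Internet Settings key.
set "PEN="
set "PSRV="
for /f "tokens=3" %%A in ('reg query "%IEKEY%" /v ProxyEnable 2^>nul ^| findstr /i "ProxyEnable"') do set "PEN=%%A"
for /f "tokens=3" %%A in ('reg query "%IEKEY%" /v ProxyServer 2^>nul ^| findstr /i "ProxyServer"') do set "PSRV=%%A"
if /i "%PEN%"=="0x1" (
    echo [ OK ] Proxy is enabled for this user: %PSRV%
) else (
    echo [FAIL] No proxy is enabled for this user. The IEM setting did not apply.
)

rem 3. Show where the GPO named in Msg. 1 appears in the user's result set.
rem    A match can sit under the applied list or the filtered-out list, so the
rem    full report is saved and the matching line numbers are printed.
gpresult /scope user /v > "%TEMP%\gpresult-user.txt"
findstr /i /n /c:"Disable Internet Access" "%TEMP%\gpresult-user.txt"
if errorlevel 1 echo [FAIL] The GPO does not appear in this user's result set at all.
endlocal
```

Accounts that are local administrators can change the proxy values this script reads, so the firewall block suggested in Msg. 4 holds where the per-user proxy does not.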