I assume that you have locked down the Terminal Server sessions
with a GPO, correct? And now that GPO also applies when the users
log on to their workstations?
The fix for this is to use "loopback processing" of the GPO.
The basic steps to use a GPO to configure a Terminal Server:
1. place the Terminal Server (not the users!) in a separate OU
2. create a TS-specific GPO
3. configure the GPO to use "loopback processing" with the
"Replace" option. See:
http://support.microsoft.com/?kbid=231287
4. link the GPO to the OU which contains the Terminal Server
machine account
5. add the Terminal Server machine account to the security list of
the GPO
6. add a User group to the security list of the GPO (or keep the
default entry for "Authenticated Users" if you want the settings
in the GPO to apply to all users)
7. modify the rights for Administrators on the GPO: select "Deny"
for the right to "Apply this policy". See:
http://support.microsoft.com/?kbid=816100
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting:
http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
"bmense@gmail.com" <bmense@gmail.com> wrote on 19 jul 2007 in
microsoft.public.windows.terminal_services:
> I'm trying to find away to lock down a user when they login
> through RDP, but not when they login to there system in the
> Office.
>
> Currently I've created another user for them to use only when
> they are logging in remotely.
>
> Is there another way to create an alias of the original ID?