Backtrack:  
 
by lunarg on July 2nd 2012, at 17:19

This article is a reference to a number of articles and links to provide information about how to succesfully lock down your Remote Desktop Server (2008R2) or Terminal Server (2003 / 2008). It is not a definite guide to how to perform a lock down, but will provide certain pointers, and highlight certain pitfalls. It is a work-in-progress and several additions will be made as the guide progresses.

Preparations

You obviously need a Windows-domain running AD for lockdown to work properly. A standalone server running a local group policy can't be locked down enough to be useful. A domain is highly recommended.

Your DC or a member server (can be the RDS / TS as well) should have the Group Policy Management tools installed. This is required to create GPOs and have them applied.

If one or more of your TS servers are running 2003 or a 2008 without service packs, you may have to install the Group Policy Preference Client Side Extensions for the proper application of your GPOs. This update is required if you want the GPP part of a GPO to be applied.

Basic lockdown through GPO

Further lockdown of your server

 
 
« August 2017»
SunMonTueWedThuFriSat
  12345
6789101112
13141516171819
20212223242526
2728293031  
 
Links
 
Quote
« Debating Windows vs. Linux vs. Mac is pointless: they all have their merits and flaws, and it ultimately comes to down to personal preference. »
Me