« The last week or so... | Main | Solarwinds Engineer's Toolset v10 - Part 1 - Installation »

03/04/2009

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.

Shawn Ross

Daryl,

When you guys setup a "template" that you use with Terminal Services, are their security restrictions you place on the TS session(s). This is one area where there is differing opinions, and I'm curious what LC is doing.

SRoss

DWHunter

Shawn--

Great question. I assume you're asking whether non-admin TS users can install software, or access other "system" resources...

The "TS Admins" group, consisting of our Domain Admins and a couple other accounts, has full control over the TS box - they can install updates, install software, and manage the TS sessions.

The "TS Users" group, consisting of a named/identified subset of our overall users, are part of the Remote Desktop Users local group. As such, they can log on remotely (duh, the purpose of TS right?), and they can access their local user profile just as if it was their local workstation.

They can install applications for themselves, but cannot use the "Install Application on Terminal Server" applet nor can they perform local administration (like installing Windows Updates).

Overall, philosophically, at LC.tv we try to give the local user as much access as possible. We are all local admins on our machines, both Mac & PC. Doing so means there are more opportunities for corrupt profiles, bad application installs, and dangerous spyware/adware. However, being such a highly mobile workforce (99% laptop users), with such various needs for applications and support programs, we try to educate our end-users as much as possible about "safe" computing, and then address issues as they arise.

If that didn't answer your question, let me know and I'll try again.

The comments to this entry are closed.

Twitter Updates

    follow me on Twitter