Local security w2k question - Page 2
Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 24

Thread: Local security w2k question

  1. #11
    Junior Member
    Join Date
    Jan 2005
    Posts
    5
    You can also set security policy by using the secpol.msc snapin.

    I didn't know that about the remote desktop. quite cool
    Bang Head Here ( )

  2. #12
    Senior Member
    Join Date
    Apr 2004
    Posts
    157
    Did you guys try the /console option for mstsc!? Are you connecting to a Win2000/Win2003 TS?
    That sure isn't working for me at least, I just get connected like a regular RDP connection, not taking over the actual console session...

    Would be really cool if it worked though...!

  3. #13
    Senior Member
    Join Date
    Apr 2004
    Posts
    157

    Question

    Maaaan... I have now tried all combinations I can think of, without success.
    From WinXP/Win2003 to Win2000/Win2003...
    Was never able to connect to the console session...

    Must be doing something wrong I guess... or some kind of policy is preventing me to connect to the console and automatically shots me over to a regular RDP session.. strange... !

    Guess I will try the MS Forums... will let you know if I figure it out...

  4. #14
    Senior Member
    Join Date
    Jul 2004
    Posts
    177
    Good point "mstsc /console"!!

    Thx!

  5. #15
    Senior Member
    Join Date
    Apr 2004
    Posts
    157

    Talking

    Sorry, I think I confused myself!! :]

    The only sadness is it only works on Win2003 not on Win2000...

    Anyway, what confused me was when looking in TSADMIN, it still shows the remote console session as a RDP session, and the local console session is still "usused", but when looking closer the RDP session took over ID 0, which always is the console..
    I guess TSADMIN is also getting some what confused over the whole thing.. hehe!

    Started Windows Update locally, connected remotely with two admin connections, then tried a third to simulate you being locked out, then tried the /console option and voila! Took over the local console with Windows Update running in the background, awesome!

    Very cool, thanks a lot zencoder!!

  6. #16
    AO Senior Cow-beller
    Moderator
    zencoder's Avatar
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177
    Originally posted here by SawPer
    Sorry, I think I confused myself!! :]

    The only sadness is it only works on Win2003 not on Win2000...

    Anyway, what confused me was when looking in TSADMIN, it still shows the remote console session as a RDP session, and the local console session is still "usused", but when looking closer the RDP session took over ID 0, which always is the console..
    I guess TSADMIN is also getting some what confused over the whole thing.. hehe!

    Started Windows Update locally, connected remotely with two admin connections, then tried a third to simulate you being locked out, then tried the /console option and voila! Took over the local console with Windows Update running in the background, awesome!

    Very cool, thanks a lot zencoder!!
    I don't think it is actually getting confused, and I don't believe the intent was ever to do a 'shared desktop' (like PCAnywhere). Microsoft already has a tool to do this in Remote Assistance (which is pretty much the same code base as Remote Desktop/Terminal Server). The point of /console is more of a policy issue. IIRC, the default setting for Remote Desktop/TS connections is 2 remote connections max. This can be changed, but I've seen it do some flaky things when too many users are connecting remotely with a full desktop. The /console option let's a Remote administrator connect even when the max. connections has been reached, by giving him the reserved session for the local console.

    You folks having trouble will have to read up on the mstsc /? info for how to use it, I don't recall the details, but I consult it myself everytime I need to use this. I don't use anything older than XP/2003 nowadays, simply due to the environment I work in, so I haven't tried it in any other combinations. But it sure beats resorting to a tool like Dameware or VNC, if you need to do something on the fly!
    "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
    Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
    "...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

  7. #17
    Senior Member
    Join Date
    Jul 2004
    Posts
    177
    BTW, some of you guys, know how copy local policy from a PC to another one?

    Thank you.

  8. #18
    Senior Member
    Join Date
    Apr 2004
    Posts
    157
    That's what Active Directory is for.. do you have your computers in a Domain environment?
    You can set all the policies through Active Directory Users and Computers, and have them apply to whole OU's.

    If not, I'm not sure if it can be done. In NT4 with POLEDIT you were able to export and import those settings from one workstation to another, but doesn't seem as easy here.
    I think all the files keeping this configruation are using extension *.adm .
    Might be able to copy those to another machine? Haven't ever tried it though.. somebody else might know??

  9. #19
    Senior Member
    Join Date
    Jul 2004
    Posts
    177
    Yes, I already have a domain and GPO at OU level working. I was wondering it could be usefull with thw users who have laptops. Now I've to configure de local policy by hand in each!!

    Thank you!

  10. #20
    AO Senior Cow-beller
    Moderator
    zencoder's Avatar
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177
    Originally posted here by DerekK
    Yes, I already have a domain and GPO at OU level working. I was wondering it could be usefull with thw users who have laptops. Now I've to configure de local policy by hand in each!!

    Thank you!
    Why?!? Are they in a different OU? Are they not members of the domain at all? We have all systems (except some select servers) in the Domain(s) here at my clients site. There are many groups (OU, but I like the word group for some reason) for different purposes. We have a 'relaxed GPO' group, where only the most important restrictions are placed on the system/user, but most of the rest are lifted (such as ability to install software, stop services, etc.) "Relaxe GPO" is for the power users in IT, for example. We have a mobile users group, so they can have a few of the extra options that users may need when not connected to the network.
    "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
    Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
    "...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •