I’ve just added a 2nd TS into our network and I’m trying to migrate some users to the new TS. They aren’t load balancers or in a cluster.
Basically I want some users to only be able to log on to TS2.
I created 2 security groups in ADUC: ‘TS1 users’ and ‘TS2 users’. What I then did was, using the advanced view, went into the ‘security’ tab of the TS1 computer object and added ‘TS2 users’ into the list and denied them ALL access.
Yet they can still get into TS1.
The real problem here is the users could easily log back in to TS1, deliberately or otherwise, unless I can lock them down.
We don’t use roaming profiles, so it would mean I’d have to go round to each PC and put the correctly configured RDP file on that particular user’s desktop, which is a lot of work.
So... any idea why what I’ve tried so far hasn’t worked?
I obviously cannot check the box in AD which states “deny user access to all terminal servers”, cos then they’d get nothing.