I set up a company with remote access via VPN/Terminal Server so that one particular employee can work from home. She dials into the server (she is on Windows XP Professional) to work in an Access database that is running on the server.
All is fine. However, when she goes to Settings- > Control Panel, she can see all the admin tools. So I went into the group policy for the local machine and found the piece that allows me to turn off access to the Control Panel or parts of it. When I turn off access to the admin tools, she can't see them anymore. That's great. However, no one else can, including me as the administrator. So, I was wondering how to apply that particular policy (or any policy for that matter) to either a particular person or group.
You need to set this policy for the user, not for the terminal server. Configure the policy for the user's organizational unit (OU) (the relevant setting is in User Configuration -> Administrative Templates -> Control Panel), and you should be able to turn it off for the members of that OU without affecting you.
This was first published in October 2003