Terminal Server - Group Policy prevent command line

windows-server-2008 command-line-interface group-policy terminal-server
10,529

Solution 1

There's a group policy setting that explicitly sets this, located here: Computer Configuration -> Administrative Templates -> Windows Components -> Terminal Services -> "Allow users to connect remotely via Terminal Services"

To fix the issue, you need to unset (not 'disable') this on the GPO. After a policy refresh you should get back the ability to control logon availability.

Solution 2

You can also remove Group Policy's ability to actually apply that setting by setting up the permissions without System. Mark Russinovich has a good article on doing this.

http://blogs.technet.com/b/markrussinovich/archive/2005/04/30/circumventing-group-policy-settings.aspx

This is slightly better than a Scheduled Task to change the registry value. I wouldn't call it elegant, though :)

But really, the right way to do this is to either unset the Group Policy (as Chris Thorpe said), or disable inheritance for the server's OU and make another GPO without that particular policy.

EDIT: You can also use WMI filtering to exclude that particular server from receiving the entire policy. Note that if a particular GPO is filtered out, the ENTIRE GPO's policies are not applied. If you go this route, I'd recommend breaking out the Terminal Server connection policy into a new GPO, so the rest of the settings aren't ignored.

Microsoft TechNet info: http://technet.microsoft.com/en-us/library/cc779036(WS.10).aspx

Filtering based on computer name (scroll down for the answer): http://www.experts-exchange.com/Software/Server_Software/File_Servers/Active_Directory/Q_22864893.html

Share:
10,529

Related videos on Youtube

Developer
Author by

Developer

Updated on September 17, 2022

Comments

  • Developer
    Developer over 1 year



    Retrieve the receipt data from the transaction’s transactionReceipt property and encode it using base64 encoding.

    How can I encode NSData using base64 encoding? Please give the code for that.

    EDIT
    I did it. but now the response is 

    {exception = "java.lang.NullPointerException"; status = 21002;}

    my recipt verification method is this

    -(BOOL)verifyReceipt:(SKPaymentTransaction *)transaction
{
    NSString *recieptString = [transaction.transactionReceipt base64EncodingWithLineLength:0];
    NSLog(@"%@",recieptString);

    ASIFormDataRequest *request = [[ASIFormDataRequest alloc] initWithURL:[NSURL URLWithString:[NSString stringWithFormat:@"https://buy.itunes.apple.com/verifyReceipt"]]];

    [request setPostValue:recieptString forKey:@"receipt-data"];
    [request setPostValue:@"95140bdac98d47a2b15e8e5555f55d41" forKey:@"password"];
    [request start];

    NSDictionary* subsInfo = [[request responseString] JSONValue];
    NSLog(@"%@",subsInfo);

    return subscriptionEnabled;
}

    Where 

    NSString *recieptString = [transaction.transactionReceipt base64EncodingWithLineLength:0];

    returns me base64 encoded string.
    I also tried

    NSString *recieptString = [transaction.transactionReceipt base64EncodingWithLineLength:[transaction.transactionReceipt length]];

    but response is same.
    can any one of you let me know where I could be wrong.
    Thanks-

    • Admin
      Admin about 14 years
      Have you found an answer to this?
    • Admin
      Admin about 14 years
      no, i found no solution to this problem.
    • Dancreek
      Dancreek about 13 years
      It would be helpful to have some more context.
  • Zoredache
    Zoredache almost 14 years
    While I agree this is the problem and changing the policy may fix the issue, given the current OU/GPO structure making this change is not an option. Are their any alternatives? One thing that looks tempting is in the Session Host Configuration. There is an option User Login Mode where you can set the host to prevent new connections. Do you know how to modify the User Login Mode from a script/command line? I would like to be able toggle between Allow all and Prevent reconnections.
  • Aashraya Singal
    Aashraya Singal almost 14 years
    There's no way of fixing the issue unless you can somehow remove that policy's applicance onto that particular server. You could do this by creating a dedicated OU for the terminal server, moving the terminal server object into this OU, and creating a copy of the policy applied to the previous OU and setting 'block inheritence' on the OU. Then just take off the one setting you wanted to remove. I'm not aware of a non-GPO solution to this, as bypassing GPO settings is generally not possible regardless of the approach. By design.
  • NorbyTheGeek
    NorbyTheGeek over 11 years
    As an update for people finding this answer via Google, the policy is now located in Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Connections -> "Allow users to connect remotely using Remote Desktop Services"
  • beretis
    beretis over 7 years
    Thank you for this!
  • Zennichimaro
    Zennichimaro over 7 years
    where did you get the base64 encoding code that works with Apple receipt verifier server? it was working but it is no longer working anymore (current iOS 10.0, base sdk: 8.0)
  • Zennichimaro
    Zennichimaro over 7 years
    sorry.. I POST receipt-data="xxx" whereas I should POST in JSON "{ \"receipt-data\" : \"xxx\"}"
  • Zennichimaro
    Zennichimaro over 7 years
    now it works, but I am still curious where did you get the code.. even Apple's [NSData base64EncodedStringWithOptions] doesn't work, whatever the options is... stupid Apple..
  • Saurabh
    Saurabh over 7 years
    This above is the core algorithm to convert anything to base64 if you search google you could find this in almost every other language

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Show Mail Control Panel item from Outlook 2010 (32-bit)on Windows 2008R2 Terminal Server
I want a user to see a shortcut on their desktop only when they log into a virtual terminal session
Can I disable sticky keys through a Group Policy for all users?
Configuring group policy to bypass proxy server for local addresses and adding a domain to trusted root certificate authorities
Exclude site from Compability View policy
Remove delete permission for active directory group in Microsoft 2008 Server R2
Using DSMOVE to move inactive computers to a new OU
Deleting Server 2008 R2 profiles: NTUSER.DAT
Task Scheduler : Logon as Batch Job Rights
Default Domain Policy Overriding Custom GPO even though Custom GPO is Enforced