Can the policy be applied to the RDS server based on the location of the user's computer?

N

Nicholas Secret2020-02-02 11:12:55

Group Policies

Nicholas Secret, 2020-02-02 11:12:55

Businesses love challenges.
The task was to set the idle screen lock time on all domain computers to 5 minutes. They did it.
The part of users who worked inside the enterprise network on windows not in a domain and on Linux also fit perfectly into this policy, because they work only on RDS and after five minutes of inactivity they are required to enter a password already on RDS.
But the part that works on RDS from domain computers is not good, because now they have to enter a password both on their computer and on RDS, remoteapp users fell under the same distribution.
I don’t have the opportunity to create different farms for different tasks and apply different policies to them, in view of the severe resource limitations.
So the question arises, can I apply the policy to one and the RDS farm, which also provides remoteapp, so that it does not apply if the user is logged in from a domain computer and it does not matter if it is a session or remoteapp. And if not from the domain, then to be applied.
If so, how, if not, then fine.
Thank you!

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

A

Alexey Dmitriev, 2020-02-03
@SignFinder

There are two main methods for filtering policy enforcement in GPOs - WMI filters and Item-level targeting in GPO Preferences.
I would rewrite the policy to Preferences - if there are no ready-made options in the templates that you use = then just registry keys. And filtering through Item-level targeting is very flexible.
And the domain-non-domain check is, in fact, a check for sloth in the Domain Computers group