Locking down a terminal server

Create an OU for your terminal servers and put all of your terminal servers in this OU
Create a new GPO(Group Policy Object) for the lockdown of the terminal servers
Under the computer settings of the GPO to use “loopback processing” with the “Replace” option.
Once you create the group policy link it to the OU that you created in step one.
This step is important, you must go into the security properties of the GPO that you created and add the name of ther server with a “$” at the end and give it the “apply” permission.
Add the group that you want to apply this lockdown policy to. You can add authenticated users or domain users.
Make sure the administrator account or administrators group has the deny checkbox for “apply” in the security tab. Entire article can be found here.