So my company has bought a company in Africa and i am moving them over to a virtual 2003 terminal server, my users use a 2008 server to save on licenses and as they are only running sage and emails i will recycle my old ts.
I wish for them to be able to do NOTHING whatsoever except open outlook, print via redirected printers and open sage.
can this be achieved with Group Policy's? or should i look at some software to lock it down. Is server 2003 TS secure?
You'll need a domain controller and for that Terminal Server to be part of the domain, along with the users. But yes, you can do it all with Group Policy and Software Restrictions (A subset of Group Policy). You may also want to apply the relevant patches to allow Group Policy Preferences to work, as these offer even greater flexibility.
The policies you require are well out of the scope of answering here, though, but there are many resources on the internet. To a degree, though, you'll have to go through a testing, development and trial and error phase. It can be a bit hard going at first, but I wouldn't cave and start using some cheapy 3rd Party software because they almost all suck.
The only ones I could recomment in good faith are RES Software and Appsense Environment Manager. They both have a real learning curve, though, and I still think they're overkill for what you require.
Here is a basic lockdown template: http://support.microsoft.com/kb/278295/en-us
If you want to lock it down further, I advice you to use 2008 R2, and use some of it's AppLocker functionality, which I believe allows you to specify exactly which applications that can run. See here for more info: http://technet.microsoft.com/en-us/library/dd723678(WS.10).aspx