Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Locking down Terminal Server

Posted on 2004-09-15
3
Medium Priority
?
291 Views
Last Modified: 2010-04-19
Hello, I need to allow remote users to access a program running on a member server. Terminal Server is running in application mode. Any hints,or suggestions on restricting their access to only the one program and select folders?  
0
Comment
Question by:91mustang
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 15

Accepted Solution

by:
harleyjd earned 2000 total points
ID: 12074410
Set the default users profile to have nothing in the \Start Menu\Programs folder

Add only the program shortcut to the All User \Start Menu\Programs folder

hide/restrict users access to the c:\ drive via group policy. Hide any other stuff you see fit

run the chkroot application compatability script to give them a virtual rootdrive - I use W:, but you can use anything.

This should allow them to see only the one icon, and not be able to browse for any executables on the c:\ drive...

Check the following for some general info:

How to Apply Group Policy Objects to Terminal Services Servers - http://support.microsoft.com/default.aspx?scid=kb;en-us;260370&sd=tech
Loopback Processing of Group Policy - http://support.microsoft.com/default.aspx?scid=kb;EN-US;231287
Locking Down Windows Server 2003 Terminal Server Sessions - http://www.microsoft.com/downloads/details.aspx?FamilyID=7f272fff-9a6e-40c7-b64e-7920e6ae6a0d&DisplayLang=en
0
 
LVL 1

Expert Comment

by:birkoff
ID: 12113875
harleyjd: did you ever try to create a shorcut on (for example) the desktop to a folder or file on the restricted c: drive. untill now it always works for me. according to me it's a great bug in the windows environment.

als double clicking on a folder in the start menu has a bug. it opens an explorer windows. this is a great problem if you have a redirected start menu on another server. even after complety locking down an entire terminal server with policies you are still able to browse the network and see / access shares etc.

untill now i never found a good solution for these kind of problems

0
 
LVL 2

Expert Comment

by:pjimerson
ID: 14897056
I'd suggest you go into the remote desktop clients options (by clicking on the options button of the remote desktop client - before you connect) then go to the Program tab and check the box labelled "Start the following program on connection".  Then the other fields on this tab won't be greyed out.  You can then specify the program you wish to restrict your users in the uppermost field.   That will run the program immediately after they log in.   Should they choose to terminate that program their remote desktop session will end.   I can't say for sure if there's a way around this  (key combinations to bring up windows explorer, or perhaps some feature of the program that allows them to browse for a file perhaps being mis-used to run another program) but I believe it was meant to do what you need it to do.  

Good Luck,

pjimerson
0

Featured Post

Fill in the form and get your FREE NFR key NOW!

Veeam® is happy to provide a FREE NFR server license to certified engineers, trainers, and bloggers.  It allows for the non‑production use of Veeam Agent for Microsoft Windows. This license is valid for five workstations and two servers.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Organizations create, modify, and maintain huge amounts of data to help their businesses earn money and generally function.  Typically every network user within an organization has a bit of disk space to store in process items and personal files.   …
Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
This course is ideal for IT System Administrators working with VMware vSphere and its associated products in their company infrastructure. This course teaches you how to install and maintain this virtualization technology to store data, prevent vuln…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…
Suggested Courses

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question