Solved

Locking down Terminal Server

Posted on 2004-09-15
Last Modified: 2010-04-19
Hello, I need to allow remote users to access a program running on a member server. Terminal Server is running in application mode. Any hints or suggestions on restricting their access to only the one program and select folders?
Question by:91mustang
3 Comments
 
LVL 15

Accepted Solution

by:
harleyjd earned 500 total points
ID: 12074410
Set the default user's profile to have nothing in the \Start Menu\Programs folder.

Add only the program shortcut to the All Users \Start Menu\Programs folder.

Hide/restrict users' access to the c:\ drive via group policy. Hide any other stuff you see fit.

Run the chkroot application compatibility script to give them a virtual root drive - I use W:, but you can use anything.

This should allow them to see only the one icon, and not be able to browse for any executables on the c:\ drive...

Check the following for some general info:

How to Apply Group Policy Objects to Terminal Services Servers - http://support.microsoft.com/default.aspx?scid=kb;en-us;260370&sd=tech
Loopback Processing of Group Policy - http://support.microsoft.com/default.aspx?scid=kb;EN-US;231287
Locking Down Windows Server 2003 Terminal Server Sessions - http://www.microsoft.com/downloads/details.aspx?FamilyID=7f272fff-9a6e-40c7-b64e-7920e6ae6a0d&DisplayLang=en
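
The "hide/restrict users' access to the c:\ drive via group policy" step in the answer above is stored per user as a drive-letter bitmask in two Explorer policy values, NoDrives (hide) and NoViewOnDrive (prevent access from Explorer). The following is an added example, not part of the original thread, that encodes and decodes that mask and reports which drives a test user's session still has unrestricted; it assumes PowerShell 3.0 or later is available on the server, and the function names are hypothetical.

```powershell
# Added example (not from the thread). Explorer drive policies use a 26-bit mask:
# bit 0 = A:, bit 1 = B:, bit 2 = C:, ... bit 25 = Z:.
# These values restrict Explorer only; NTFS permissions remain the actual access control.
$PolicyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'

# Hypothetical helper: drive letters -> policy mask.
function ConvertTo-DriveMask {
    param([Parameter(Mandatory)][char[]]$Letters)
    $mask = 0
    foreach ($letter in $Letters) {
        $bit = [int][char]::ToUpperInvariant($letter) - 65   # 'A' is code point 65
        if ($bit -lt 0 -or $bit -gt 25) { throw "Not a drive letter: $letter" }
        $mask = $mask -bor (1 -shl $bit)
    }
    $mask
}

# Hypothetical helper: policy mask -> drive letters.
function ConvertFrom-DriveMask {
    param([int]$Mask)
    0..25 | Where-Object { $Mask -band (1 -shl $_) } | ForEach-Object { [char](65 + $_) }
}

# Run inside a test user's Terminal Server session: for each policy value, list
# the drives that are configured and the drives that should be restricted but are not.
function Test-DrivePolicy {
    param([Parameter(Mandatory)][char[]]$ShouldRestrict)
    $want  = ConvertTo-DriveMask -Letters $ShouldRestrict
    $props = Get-ItemProperty -Path $PolicyKey -ErrorAction SilentlyContinue
    foreach ($name in 'NoDrives', 'NoViewOnDrive') {
        $have = 0
        if ($props -and $props.PSObject.Properties[$name]) { $have = [int]$props.$name }
        $missing = $want -band (-bnot $have)
        [pscustomobject]@{
            Value      = $name
            Configured = -join (ConvertFrom-DriveMask -Mask $have)
            Missing    = -join (ConvertFrom-DriveMask -Mask $missing)
        }
    }
}

# Check that C: is both hidden and blocked for the current user.
Test-DrivePolicy -ShouldRestrict C
```

An empty `Missing` column for both rows means the group policy reached the session; a non-empty one usually points at the GPO not applying to the user on this server.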

Expert Comment

by:birkoff
ID: 12113875
harleyjd: Did you ever try to create a shortcut on (for example) the desktop to a folder or file on the restricted c: drive? Until now it always works for me. According to me it's a great bug in the Windows environment.

Also, double-clicking on a folder in the Start menu has a bug: it opens an Explorer window. This is a great problem if you have a redirected Start menu on another server. Even after completely locking down an entire terminal server with policies you are still able to browse the network and see / access shares etc.

Until now I never found a good solution for these kinds of problems.


Expert Comment

by:pjimerson
ID: 14897056
I'd suggest you go into the remote desktop client's options (by clicking on the Options button of the remote desktop client - before you connect), then go to the Program tab and check the box labelled "Start the following program on connection". Then the other fields on this tab won't be greyed out. You can then specify the program you wish to restrict your users to in the uppermost field. That will run the program immediately after they log in. Should they choose to terminate that program, their remote desktop session will end. I can't say for sure if there's a way around this (key combinations to bring up Windows Explorer, or perhaps some feature of the program that allows them to browse for a file perhaps being misused to run another program) but I believe it was meant to do what you need it to do.

Good Luck,

pjimerson
Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Preface Having the need * to contact many different companies with different infrastructures * do remote maintenance in their network required us to implement a more flexible routing solution. As RAS, PPTP, L2TP and VPN Client connections are no…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question