Solved

Locking down Terminal Server

Posted on 2004-09-15
Last Modified: 2010-04-19
Hello, I need to allow remote users to access a program running on a member server. Terminal Server is running in application mode. Any hints or suggestions on restricting their access to only the one program and select folders?
Question by:91mustang
3 Comments
 
LVL 15

Accepted Solution

by:
harleyjd earned 500 total points
ID: 12074410
Set the default user's profile to have nothing in the \Start Menu\Programs folder.

Add only the program shortcut to the All Users \Start Menu\Programs folder.

Hide/restrict users' access to the c:\ drive via group policy. Hide any other stuff you see fit.

Run the chkroot application compatibility script to give them a virtual root drive - I use W:, but you can use anything.

This should allow them to see only the one icon, and not be able to browse for any executables on the c:\ drive...

Check the following for some general info:

How to Apply Group Policy Objects to Terminal Services Servers - http://support.microsoft.com/default.aspx?scid=kb;en-us;260370&sd=tech
Loopback Processing of Group Policy - http://support.microsoft.com/default.aspx?scid=kb;EN-US;231287
Locking Down Windows Server 2003 Terminal Server Sessions - http://www.microsoft.com/downloads/details.aspx?FamilyID=7f272fff-9a6e-40c7-b64e-7920e6ae6a0d&DisplayLang=en
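Added example, not part of the thread: the group policy step in the accepted answer is normally done with two Explorer policies, "Hide these specified drives in My Computer" and "Prevent access to drives from My Computer", which are stored as the per-user bitmask values `NoDrives` and `NoViewOnDrive`. The sketch below computes and decodes those masks and reports which required drives each value fails to cover; the function names are hypothetical, the sample input is constructed, and PowerShell 3.0 or later is assumed.

```powershell
# Added example, not from the thread. Explorer drive policies are REG_DWORD
# bitmasks: A = bit 0, B = bit 1, C = bit 2, ... Z = bit 25.
#   NoDrives      -> "Hide these specified drives in My Computer"
#   NoViewOnDrive -> "Prevent access to drives from My Computer"

function ConvertTo-DriveMask {
    param([Parameter(Mandatory)][string[]]$Letters)
    $mask = 0
    foreach ($l in $Letters) {
        $c = $l.Trim().TrimEnd(':').ToUpperInvariant()
        if ($c -notmatch '^[A-Z]$') { throw "Not a drive letter: '$l'" }
        $mask = $mask -bor (1 -shl ([int][char]$c - [int][char]'A'))
    }
    $mask
}

function ConvertFrom-DriveMask {
    param([int]$Mask)
    0..25 | Where-Object { $Mask -band (1 -shl $_) } |
        ForEach-Object { [char]([int][char]'A' + $_) }
}

# Hypothetical helper: report which required drives each value fails to cover.
function Test-DriveLockdown {
    param(
        [string[]]$Letters = @('C'),  # drives that must be restricted
        [hashtable]$Policy = @{}      # values read from the Policies\Explorer key
    )
    $want = ConvertTo-DriveMask $Letters
    foreach ($name in 'NoDrives', 'NoViewOnDrive') {
        $have    = [int]$Policy[$name]          # value not set -> 0
        $missing = $want -band (-bnot $have)
        [pscustomobject]@{
            Value   = $name
            Current = '0x{0:X8}' -f $have
            Covers  = (ConvertFrom-DriveMask $have) -join ','
            Missing = (ConvertFrom-DriveMask $missing) -join ','
            Ok      = ($missing -eq 0)
        }
    }
}

# Constructed sample: C: is hidden from My Computer but browsing is not restricted.
Test-DriveLockdown -Letters C -Policy @{ NoDrives = 4 } | Format-Table -AutoSize

# Live check, run inside a test user's session on the terminal server:
# $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
# $p   = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
# Test-DriveLockdown -Letters C -Policy @{ NoDrives = $p.NoDrives; NoViewOnDrive = $p.NoViewOnDrive }
```

Both values only change what Explorer and the shell dialogs show or open, so NTFS permissions on the folders the users must not reach are still needed.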
 
LVL 1

Expert Comment

by:birkoff
ID: 12113875
harleyjd: Did you ever try to create a shortcut on (for example) the desktop to a folder or file on the restricted c: drive? Until now it always works for me. According to me it's a great bug in the Windows environment.

Also, double-clicking on a folder in the Start menu has a bug: it opens an Explorer window. This is a great problem if you have a redirected Start menu on another server. Even after completely locking down an entire terminal server with policies you are still able to browse the network and see / access shares etc.

Until now I never found a good solution for these kinds of problems.

 
LVL 2

Expert Comment

by:pjimerson
ID: 14897056
I'd suggest you go into the remote desktop client's options (by clicking on the options button of the remote desktop client - before you connect), then go to the Program tab and check the box labelled "Start the following program on connection". Then the other fields on this tab won't be greyed out. You can then specify the program you wish to restrict your users in the uppermost field. That will run the program immediately after they log in. Should they choose to terminate that program, their remote desktop session will end. I can't say for sure if there's a way around this (key combinations to bring up Windows Explorer, or perhaps some feature of the program that allows them to browse for a file perhaps being mis-used to run another program), but I believe it was meant to do what you need it to do.

Good Luck,

pjimerson