Terminal Services Application mode security hole?

Hi,

We have a Windows 2000 Terminal Server installed in Application Mode.

When a user log's in they are presented with Word only (No start bar etc just word) as setup in the Environment tab.

However if you get the open dialog box up and RHMC on My Computer it displays this message (Below) and then the windows Shell apears.

How do I stop this as it is a bit of a secuiry issue?

Error
Cannot find the file '/e,/idlist,:1392:2320,'(or one of its components). Make sure the path and filename are correct and that all required libuiraries are available.

Help!!

Cheers
Pete
LVL 2
pforemanAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

jeffrashCommented:
I'm not sure what tyou mean by RHMC. Could you expand on that?

Jeff
0
pforemanAuthor Commented:
Sorry.. ;-)

Right Hand Mouse Click

Pete
0
jeffrashCommented:
OK, I get it now. :)

So after the error message comes up, users are given a command prompt window? If so you could set up the machine to allow only allowed applications to run, or not to run.

In a domain create a GPO or in a stand alone system you can use gpedit.msc. Any...

In a GPO locate 'User Configuration' -> 'Administrative Templates' -> 'System' and then there are two options to set. You can use 'Run only allowed Windows Applications' or you could try 'Don't run specified Windows applications'.

Under 'Don't run specified Windows applications' you could add cmd.exe or under 'Run only allowed Windows Applications' you could enter winword.exe

Hope that helps
0
ON-DEMAND: 10 Easy Ways to Lose a Password

Learn about the methods that hackers use to lift real, working credentials from even the most security-savvy employees in this on-demand webinar. We cover the importance of multi-factor authentication and how these solutions can better protect your business!

pforemanAuthor Commented:
No not a command prompt. After clicking on OK it then gives me the rest of the windows enviroment. (IE the start menu/desktop etc)

Pete
0
jeffrashCommented:
Sorry, I totally misunderstood.

But did you try making changes to 'Run only allowed Windows Applications'? You could also deny access to "explorer.exe" through 'Don't run specified Windows applications' . That is the program that brings up the windows desktop.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
pforemanAuthor Commented:
Sorry been away.  I will try it out next week.

Pete
0
pforemanAuthor Commented:
I'm sorry for forgetting this post I have had issues!
I have not had time to look at this so I will accept jeffrash's answer and close the question.

Sorry :o)
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
OS Security

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.