server 2003 terminal services single aplication

I have installed terminal services on a domaincontoler and wish 4 users to only run one aplication, if i use the remote desktop access with the client computers i seem to be able to to brows the whole of the server drive, this is not what i want how can i lock the user into one drive ONLY and look in that folder and access only files in that folder, also if possible have a one click configuration on the remote desktop to connect to the terminal server

regards

Phil
philmc79Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

jss1199Commented:
Hi philmc79,

Do you even want them to see the desktop or to launch a single app?  You can do this by configuring a RDP connection - choose Options and save the connecting credentials for that user.  On the Program tab, plug in the start information for the single application you want them to run.  Go back to the General tab and save the RDP connection to a file - this will allow you to place on their desktop for single click access.  

This will launch the app you configured above when they click on the RDP connection and, if they were to close the application, it will automatically close the RDP session.


Cheers!
0
philmc79Author Commented:
have done this but the client can open the RDP fron the communications program folder and change the setting do you know any way of stopping them from doing this, IE can it be setup in the Administrator profile on the clients machine and then locked, so that the crederntials for the desktop shortcut in the user profile cant be altered, i need to stop the user changing the way he can log on to the termal server

regards
0
bilbusCommented:
Right

If you want them to only use one application you can ristrict them to one window. You can do this to the RDP file, or you can do it via group poilicy. I recommend GP, because then the user cant remove the no desktop setting.

One problem with that though. Smart users can break out of that. Make sure you add software ristriction policys (group policy). Add explorer and iexplorer to the deny list. Also i ristrict all applications/dlls by default and add in the allowed ones.

You also can ristrict what RDP options you want to enable on terminal server config (or group policy). So if you want no drive mapping you can disable it.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.