server 2003 terminal services single aplication

Posted on 2006-04-12
Last Modified: 2012-05-05
I have installed terminal services on a domaincontoler and wish 4 users to only run one aplication, if i use the remote desktop access with the client computers i seem to be able to to brows the whole of the server drive, this is not what i want how can i lock the user into one drive ONLY and look in that folder and access only files in that folder, also if possible have a one click configuration on the remote desktop to connect to the terminal server


Question by:philmc79
    LVL 19

    Expert Comment

    Hi philmc79,

    Do you even want them to see the desktop or to launch a single app?  You can do this by configuring a RDP connection - choose Options and save the connecting credentials for that user.  On the Program tab, plug in the start information for the single application you want them to run.  Go back to the General tab and save the RDP connection to a file - this will allow you to place on their desktop for single click access.  

    This will launch the app you configured above when they click on the RDP connection and, if they were to close the application, it will automatically close the RDP session.


    Author Comment

    have done this but the client can open the RDP fron the communications program folder and change the setting do you know any way of stopping them from doing this, IE can it be setup in the Administrator profile on the clients machine and then locked, so that the crederntials for the desktop shortcut in the user profile cant be altered, i need to stop the user changing the way he can log on to the termal server

    LVL 8

    Accepted Solution


    If you want them to only use one application you can ristrict them to one window. You can do this to the RDP file, or you can do it via group poilicy. I recommend GP, because then the user cant remove the no desktop setting.

    One problem with that though. Smart users can break out of that. Make sure you add software ristriction policys (group policy). Add explorer and iexplorer to the deny list. Also i ristrict all applications/dlls by default and add in the allowed ones.

    You also can ristrict what RDP options you want to enable on terminal server config (or group policy). So if you want no drive mapping you can disable it.

    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    Join & Write a Comment

    So you have two Windows Servers and you have a directory/folder/files on one that you'd like to mirror to the other?  You don't really want to deal with DFS or a 3rd party solution like Doubletake. You can use Robocopy from the Windows Server 200…
    Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
    Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…
    Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

    733 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    21 Experts available now in Live!

    Get 1:1 Help Now