• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 497
  • Last Modified:

server 2003 terminal services single aplication

I have installed terminal services on a domaincontoler and wish 4 users to only run one aplication, if i use the remote desktop access with the client computers i seem to be able to to brows the whole of the server drive, this is not what i want how can i lock the user into one drive ONLY and look in that folder and access only files in that folder, also if possible have a one click configuration on the remote desktop to connect to the terminal server

regards

Phil
0
philmc79
Asked:
philmc79
1 Solution
 
jss1199Commented:
Hi philmc79,

Do you even want them to see the desktop or to launch a single app?  You can do this by configuring a RDP connection - choose Options and save the connecting credentials for that user.  On the Program tab, plug in the start information for the single application you want them to run.  Go back to the General tab and save the RDP connection to a file - this will allow you to place on their desktop for single click access.  

This will launch the app you configured above when they click on the RDP connection and, if they were to close the application, it will automatically close the RDP session.


Cheers!
0
 
philmc79Author Commented:
have done this but the client can open the RDP fron the communications program folder and change the setting do you know any way of stopping them from doing this, IE can it be setup in the Administrator profile on the clients machine and then locked, so that the crederntials for the desktop shortcut in the user profile cant be altered, i need to stop the user changing the way he can log on to the termal server

regards
0
 
bilbusCommented:
Right

If you want them to only use one application you can ristrict them to one window. You can do this to the RDP file, or you can do it via group poilicy. I recommend GP, because then the user cant remove the no desktop setting.

One problem with that though. Smart users can break out of that. Make sure you add software ristriction policys (group policy). Add explorer and iexplorer to the deny list. Also i ristrict all applications/dlls by default and add in the allowed ones.

You also can ristrict what RDP options you want to enable on terminal server config (or group policy). So if you want no drive mapping you can disable it.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now