Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Terminal Server Application Launch

Posted on 2006-05-02
15
Medium Priority
?
558 Views
Last Modified: 2010-04-13
I would like to setup one of our domain users to launch an application when they log in to terminal server. I only want them to be able to use this one app. How can I impliment this?  Our domain is windows 2000 however the server that hosts terminal services is a windows 2003 server.

thank you.
0
Comment
Question by:pdiblasi
  • 9
  • 2
  • 2
13 Comments
 
LVL 7

Expert Comment

by:baconyi
ID: 16589542
security settings for c: drive or whatever other drives are on there, set it so this user has no access, but give access to the specific program file you wanted them to use.

so you would propagate rights to child directories to deny access, and the specific folder you want access to, uncheck inherit from parent directory.... in the advanced option under the security setting.
Billy
0
 

Author Comment

by:pdiblasi
ID: 16589568
Althought that would work it's not what I am looking for. There is a way to have an app lauch when TS is loaded and if they close the window the app closes too. I know you can set this up in configuration for all users but not sure how to set it up for a domain user.
0
 
LVL 7

Expert Comment

by:baconyi
ID: 16589611
not sure how to set programs to close when the TS is closed but on a 2003 TS the user profiles are located in c:\<windows>\profiles

i think thats what you're talking about when you said you know how to do it for "all users", you meant the profile under documents and settings right?

well if so, then the profiles for the TS are where i said and has the startup folder also.  let me know if thats what you were talking about.
0
Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

 

Author Comment

by:pdiblasi
ID: 16589713
No if you go to start\administrator tools\terminal server configuration you can select in there the path of the app you want to run and then that app will load everytime. It won't even let the user see the desktop.
0
 
LVL 2

Accepted Solution

by:
dcp002 earned 1000 total points
ID: 16590350
I have used this method on Windows 2000 Terminal Servers.
Create a batch file (xxx.cmd) like this, and make it the app to run for all users.  User "david" will get notepad - and after he exits notepad will logoff.
All other users will get exlorer.exe (= desktop)


    if %username%==david goto david
    rem All other users come this way and get the desktop
    start explorer.exe
    exit
   
    :david
    rem david gets notepad
    start notepad.exe
    exit


Warning !!! - if you get this batch file wrong, you can end up with no ability to get to the desktop via Terminal Services, so ensure you have access to the system console, or keep one session open until you have tested it. If you get it wrong you want to be able to change it !

You can enhance the batch file to do quite fancy things - different programs for different users.
Use of IFMEMBER.EXE can assign different programs according to group membership - probably better, although can be very slow on large domains.

When experimenting just remember the warning !
0
 
LVL 7

Expert Comment

by:baconyi
ID: 16590473
i think you meant to say the terminal session will close when the app closes then i think, your reply to my first post said "There is a way to have an app lauch when TS is loaded and if they close the window the app closes too"... so what you want is to have the session end when they close the app, so they cant do anything on the desktop of the terminal server right?


[User Configuration\Administrative Templates\System]

•      Run only allowed Windows applications
Recommended setting: Enabled – Define list of authorized applications
It is recommended that you enable this policy to restrict users to only run programs that are added to the List of Allowed Applications. This setting only prevents users from running programs that are started by Windows Explorer. It does not prevent users from running programs such as Task Manager, which can be started by a system process. Also, if users have access to the command prompt, Cmd.exe, this setting does not prevent them from starting programs from the command window that they are not permitted to start by using Windows Explorer.

the above was taken from think link, other stuff you might find useful
http://www.microsoft.com/windowsserver2003/techinfo/overview/lockdown.mspx

0
 
LVL 7

Assisted Solution

by:baconyi
baconyi earned 1000 total points
ID: 16590504
dont know if this works, but i found this on the web.

"If you are looking to run only one application from the server you can install native W2k3 terminal services then use a GPO with the key

User config --> Admin Templates --> Windows Components --> Terminal Services --> Start a program on Connection

When the user logs on they will get that application only and no desktop.  When they close the app the terminal server session terminates."

good luck
Billy
0
 
LVL 7

Expert Comment

by:baconyi
ID: 16590525
please let me know if anything worked, im interested to also find a solution to this as we have many clients using TS, so far we have no restrictions set, but im sure eventually we will run into clients or current clients that want to restrict users from accessing anything else like you wnat to...
0
 
LVL 7

Expert Comment

by:baconyi
ID: 16590656
hey i tested this on one of my clients servers and it worked...

under active directory users and computers, goto the properties of a user, under the session tab, enter the path and program you want them to run. when the program is closed, the session ended....

i used notepad to test, i logged in, notepad opened up, when i closed notepad, the session ended, my login script halted so i had to x that out too, but when i did, it closed the TS, when i minimized notepad, nothing was on the desktop, no taskbar with start menu either....

Billy
0
 
LVL 7

Expert Comment

by:baconyi
ID: 16590659
only difference in my test with you is that my controller is a 2003 but i think session is in the properties of a 2k
0
 
LVL 7

Expert Comment

by:baconyi
ID: 16590695
sorry, not the session tab,  its in the "environment" tab
0
 
LVL 2

Expert Comment

by:dcp002
ID: 16590758
If you only have one Terminal Server (or several identical ones) this will work.
If you have 2 different Terminal Servers, and you want user A to run Application 1 on server 1, and application 2 on server 2, you might have a problem.
That's why my (clumsy) method is based at the server.
0

Featured Post

[Webinar On Demand] Database Backup and Recovery

Does your company store data on premises, off site, in the cloud, or a combination of these? If you answered “yes”, you need a data backup recovery plan that fits each and every platform. Watch now as as Percona teaches us how to build agile data backup recovery plan.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Use this step by step method when setting up QuickBooks Online. They will allow you to explore the various features of the advanced settings available to you.
This lesson discusses how to use a Mainform + Subforms in Microsoft Access to find and enter data for payments on orders. The sample data comes from a custom shop that builds and sells movable storage structures that are delivered to your property. …
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question