Solved

shell=explorer.exe ....

Posted on 2006-07-14
Last Modified: 2011-10-03
I have a Server 2003 where users log on remotely (Remote Desktop) to use a program.

I would like to configure my server so that when users log on ONLY the program will appear (no explorer.exe shell) and when they close it the connection will disconnect/log off.
This is done so that it will be as easy as possible for the users and also for security. I would guess users would still be able to start Task Manager and do damage. Ideas on how to do this as easily and securely as possible are welcome!

N.B. I have tried searching the registry to see if users can have separate shells; it doesn't look like it.

thx
Question by:cybergenie
9 Comments
 
LVL 33

Expert Comment

by:NJComputerNetworks
ID: 17109069
Sounds a lot like Citrix is what you may be looking for... as it allows you to publish just the applications... rather than getting a full remote control... but this is expensive.
0
 
LVL 33

Expert Comment

by:NJComputerNetworks
ID: 17109126
I would make sure that you give Guest access only:  http://www.windowsecurity.com/articles/Windows_Terminal_Services.html
0
 
LVL 33

Expert Comment

by:NJComputerNetworks
ID: 17109166
Something like this might be a good solution for you:  http://www.infotoday.com/cil2003/presentations/Anasco.pdf
0
 
LVL 33

Expert Comment

by:NJComputerNetworks
ID: 17109234
0
 
LVL 19

Accepted Solution

by:
BLipman earned 2000 total points
ID: 17112496
You have a couple of options but what you really want to do is specify an initial application.  

If your users are only ever running one app from your terminal servers then it is a slam dunk: go into each user's AD properties and configure a program to run in the Environment tab.  

Another way to do this is to specify a program for every remote user to run, period: go into Terminal Services Configuration and the properties of the RDP listener; from here you can set an initial program.  

Yet another way to do this is via an RDP file.  You go to the remote desktop client and set up an application on the Programs tab (need to hit Options to see the tabs).  Then, go back to General and do a Save As.  When you have all of your different apps configured and tested, just copy these RDP files to your users' workstations; assuming you have the RDP client loaded (XP and 2003 machines come preloaded), the files will launch when double-clicked.  

Another way is via Group Policy: you can go to Computer Configuration>Administrative Templates>Terminal Services and find "Start a program on connection"; this will let you shoehorn users from groups into specific applications.  

If you want to be able to do this dynamically with more than one app. configured per user you really should look at Citrix.  You can get Citrix Access Essentials for pretty cheap (relatively).  
0
 

Author Comment

by:cybergenie
ID: 17117211
Thanks BLipman, really what I needed.
I haven't tried all of those yet. Tried Environment. The problem there was that if I closed down the program it did not log off.
I could make a script/bat file that started the program and waited until it shut down, then it would run "logoff".
Please give me comments if there is a better way.
0
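The wrapper described in the comment above, as an added example that is not part of the original thread: a batch file set as the initial program that starts the application, waits for it to exit, and then logs the session off on every path, including a failed launch. The application path and log location are placeholder assumptions.

```batch
@echo off
rem Added example: wrapper to configure as the Terminal Services initial program.
rem APP and LOG are hypothetical placeholders; set them for your environment.
setlocal
set "APP=C:\Program Files\ExampleApp\app.exe"
rem Log under the profile rather than %TEMP%, since per-session temp folders
rem can be deleted when the session ends.
set "LOG=%APPDATA%\ts-wrapper.log"

if not exist "%APP%" (
    echo %DATE% %TIME% %USERNAME%: "%APP%" not found >> "%LOG%"
    goto end_session
)

rem start /wait blocks until the program exits. The empty "" is the window
rem title, needed because the program path itself is quoted.
start "" /wait "%APP%"
echo %DATE% %TIME% %USERNAME%: program exited with code %ERRORLEVEL% >> "%LOG%"

:end_session
rem Log off on every path so the user is never left in a session with no program.
logoff
```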
 
LVL 19

Expert Comment

by:BLipman
ID: 17117555
If it isn't logging off you have a process that is hanging out there.  You have 2 good options for that: first, load UPHClean to release any UPH registry handles

User Profile Hive Cleanup Service
http://www.microsoft.com/downloads/details.aspx?familyid=1B286E6D-8912-4E18-B570-42470E2F3582&displaylang=en

then check out this link because with a 'normal app' (test w/ notepad.exe) your session will log off when running an initial application and that application closes.  

A remote session does not end immediately on a computer that is running Windows Server 2003 Service Pack 1
http://support.microsoft.com/?kbid=901196

This duplicate autoenrollment process is likely causing issues as well.  
0
