Solved

shell=explorer.exe ....

Posted on 2006-07-14
9
227 Views
Last Modified: 2011-10-03
I have a Server2003 where users logon remotely (remote desktop) to use a program.

I would like to configure my server so that when users logon ONLY the program will appear (no explorer.exe shell) and when they close it the connection will disconnect/log-off.
This is done so that it will be as easy as possible for the users and also for security. I would guess users would still be able to start taskmanager and do damage. Ideas on how to do this as easy and securely as possible are welcome!

N.B. I have tried searching the registry if users can have seperate shells, doesnt look like it.

thx
0
Comment
Question by:cybergenie
  • 4
  • 2
9 Comments
 
LVL 33

Expert Comment

by:NJComputerNetworks
ID: 17109069
sounds a lot like Citrix is what you may be looking for... as it allows you to publish just the applications...rather then getting a full remote control...  but this is expensive.
0
 
LVL 33

Expert Comment

by:NJComputerNetworks
ID: 17109126
I would make sure that you give Guest access only:  http://www.windowsecurity.com/articles/Windows_Terminal_Services.html
0
 
LVL 33

Expert Comment

by:NJComputerNetworks
ID: 17109166
something like this might be a good solution for you:  http://www.infotoday.com/cil2003/presentations/Anasco.pdf
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 
LVL 33

Expert Comment

by:NJComputerNetworks
ID: 17109234
0
 
LVL 19

Accepted Solution

by:
BLipman earned 500 total points
ID: 17112496
You have a couple of options but what you really want to do is specify an initial application.  

If your users are only ever running one app from your terminal servers then it is a slam dunk: go into each user's AD properties and configure a program to run in the Environment tab.  

Another way to do this is to specify a program for every remote user to run period: go into Terminal Services Configuration and the properties of the RDP listener, from here you can set an initial program.  

Yet another way to do this is via an RDP file.  You go to the remote desktop client and set up an application on the Programs tab (need to hit Options to see the tabs).  Then, go back to General and do a Save As.  When you have all of your different apps. configured and tested just copy these RDP files to your user's workstations; assuming you have the RDP client loaded (XP and 2003 machines come preloaded) then the files will launch when doubleclicked.  

Another way is via Group Policy, you can go to the Computer Configuration>Administrative Templates>Terminal Services and find "Start a program on connection"; this will let you shoehorn users from groups into specific applications.  

If you want to be able to do this dynamically with more than one app. configured per user you really should look at Citrix.  You can get Citrix Access Essentials for pretty cheap (relatively).  
0
 

Author Comment

by:cybergenie
ID: 17117211
Thanks BLipman, really what I needed.
I havnt tried all of those yet. Tried Enironment.. The problem there was that if I closed down the program it did not logoff.
I could make a script/bat file that started the program and waited until it shutdown then it would run "logoff".
Please give me comments if there is a better way.
0
 
LVL 19

Expert Comment

by:BLipman
ID: 17117555
If it isn't logging off you hava a process that is hanging out there.  You have 2 good options for that: first, load UPHClean to release any UPH registry handles

User Profile Hive Cleanup Service
http://www.microsoft.com/downloads/details.aspx?familyid=1B286E6D-8912-4E18-B570-42470E2F3582&displaylang=en

then check out this link because with a 'normal app' (test w/ notepad.exe) your session will log off when running an initial application and that application closes.  

A remote session does not end immediately on a computer that is running Windows Server 2003 Service Pack 1
http://support.microsoft.com/?kbid=901196

This duplicate autoenrollment process is likely causing issues as well.  
0

Featured Post

[Webinar] Disaster Recovery and Cloud Management

Learn from Unigma and CloudBerry industry veterans which providers are best for certain use cases and how to lower cloud costs, how to grow your Managed Services practice in IaaS clouds, and how to utilize public cloud for Disaster Recovery

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This may not be a text book method to resolve VSS backup issues but it seemed to have worked on few of the Windows 2003 servers we had issues while performing a Volume Shadow Copy backup. If you have issues while performing a shadow copy backup usin…
Scenerio: You have a server running Server 2003 and have applied a retail pack of Terminal Server Licenses.  You want to change servers or your server has crashed and you need to reapply the Terminal Server Licenses. When you enter the 16-digit lic…
This Micro Tutorial will teach you how to censor certain areas of your screen. The example in this video will show a little boy's face being blurred. This will be demonstrated using Adobe Premiere Pro CS6.
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

896 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now