Solved

shell=explorer.exe ....

Posted on 2006-07-14
9
230 Views
Last Modified: 2011-10-03
I have a Server2003 where users logon remotely (remote desktop) to use a program.

I would like to configure my server so that when users logon ONLY the program will appear (no explorer.exe shell) and when they close it the connection will disconnect/log-off.
This is done so that it will be as easy as possible for the users and also for security. I would guess users would still be able to start taskmanager and do damage. Ideas on how to do this as easy and securely as possible are welcome!

N.B. I have tried searching the registry if users can have seperate shells, doesnt look like it.

thx
0
Comment
Question by:cybergenie
  • 4
  • 2
9 Comments
 
LVL 33

Expert Comment

by:NJComputerNetworks
ID: 17109069
sounds a lot like Citrix is what you may be looking for... as it allows you to publish just the applications...rather then getting a full remote control...  but this is expensive.
0
 
LVL 33

Expert Comment

by:NJComputerNetworks
ID: 17109126
I would make sure that you give Guest access only:  http://www.windowsecurity.com/articles/Windows_Terminal_Services.html
0
 
LVL 33

Expert Comment

by:NJComputerNetworks
ID: 17109166
something like this might be a good solution for you:  http://www.infotoday.com/cil2003/presentations/Anasco.pdf
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 33

Expert Comment

by:NJComputerNetworks
ID: 17109234
0
 
LVL 19

Accepted Solution

by:
BLipman earned 500 total points
ID: 17112496
You have a couple of options but what you really want to do is specify an initial application.  

If your users are only ever running one app from your terminal servers then it is a slam dunk: go into each user's AD properties and configure a program to run in the Environment tab.  

Another way to do this is to specify a program for every remote user to run period: go into Terminal Services Configuration and the properties of the RDP listener, from here you can set an initial program.  

Yet another way to do this is via an RDP file.  You go to the remote desktop client and set up an application on the Programs tab (need to hit Options to see the tabs).  Then, go back to General and do a Save As.  When you have all of your different apps. configured and tested just copy these RDP files to your user's workstations; assuming you have the RDP client loaded (XP and 2003 machines come preloaded) then the files will launch when doubleclicked.  

Another way is via Group Policy, you can go to the Computer Configuration>Administrative Templates>Terminal Services and find "Start a program on connection"; this will let you shoehorn users from groups into specific applications.  

If you want to be able to do this dynamically with more than one app. configured per user you really should look at Citrix.  You can get Citrix Access Essentials for pretty cheap (relatively).  
0
 

Author Comment

by:cybergenie
ID: 17117211
Thanks BLipman, really what I needed.
I havnt tried all of those yet. Tried Enironment.. The problem there was that if I closed down the program it did not logoff.
I could make a script/bat file that started the program and waited until it shutdown then it would run "logoff".
Please give me comments if there is a better way.
0
 
LVL 19

Expert Comment

by:BLipman
ID: 17117555
If it isn't logging off you hava a process that is hanging out there.  You have 2 good options for that: first, load UPHClean to release any UPH registry handles

User Profile Hive Cleanup Service
http://www.microsoft.com/downloads/details.aspx?familyid=1B286E6D-8912-4E18-B570-42470E2F3582&displaylang=en

then check out this link because with a 'normal app' (test w/ notepad.exe) your session will log off when running an initial application and that application closes.  

A remote session does not end immediately on a computer that is running Windows Server 2003 Service Pack 1
http://support.microsoft.com/?kbid=901196

This duplicate autoenrollment process is likely causing issues as well.  
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Preface Having the need * to contact many different companies with different infrastructures * do remote maintenance in their network required us to implement a more flexible routing solution. As RAS, PPTP, L2TP and VPN Client connections are no…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This Micro Tutorial will teach you how to censor certain areas of your screen. The example in this video will show a little boy's face being blurred. This will be demonstrated using Adobe Premiere Pro CS6.
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now