Limit Software Used by TS Users

Hi all,

Just wondering how to choose or limit the default programs available to TS users when logging into the TS server. There are applications installed on the TS Server that should only be available on the server but it seems clients who log in, will have the same access, or the program will show up in the menu. Also, I would like to find out about putting defaults shortcuts on a users desktop on first login. Thanks to all.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

This is a broad question.

The simple answer is GPO. But I don't think this is what you are looking for.

Be a litte more specific...

Are you using roaming profiles? or are the profiles local to the TS?

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
This is a link for Software Restriction policies. These can be linked on a per group basis.

You could also consider removing icons from all users documents and settings and/or setting perms on the shortcuts to restrict execute rights.
Forgot to say for default icons you can modify the desktop folder under c:\documets and settings\default user\desktop. This means when a fresh user logs on they will see these icons as windows references the default user profile on first logon.
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

The icon issue is tricky if you are using romaing profiles.
Cláudio RodriguesFounder and CEOCommented:
The best way to achieve this is to use folder redirection and basically redirect the start menu to a network location. Then you simply add the shortcuts you want there. As you can do per group, you can basically have different shortcuts based on group membership.
The second thing to consider is to use NTFS permissions to give access to application executables based on Group membership. This way you avoid users launching applications they have no access to by other ways (like inserting a hyperlink on Word and pointing to an executable you gave them no shortcut for; this simply hides the app, does NOT prevent them launching it). Using NTFS you actually prevent that by denying access to what they are not supposed to launch.
If you need more information on folder redirection just let me know.

Claudio Rodrigues

Microsoft MVP
Windows Server - Terminal Services
vacnetAuthor Commented:
Thank you all for your input. I was able to find what I needed based on all of your input.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Server OS

From novice to tech pro — start learning today.