How to restrict local drive browsing access for terminal service users on a Windows 2008 terminal server
Im trying to prevent terminal server remote users from browsing the terminal server to which they connect. I only want them to have access to their user directors. The users are primarily using outlook 2007 remote applications
Here is what Ive done so fare.
Ive created a group policy that hides the local drives of the terminal server. I cannot deny access to the local drives because then the users will not have access to their local directories.
This hides the drives but when the user opens their Save, Save-As or Open dialogue box, on the left hand side of the dialogue box is a navigation bar that allows the user to see the local drives and browse them.
To fix this I did the following:
I added the administrative template for office 2007 to group policy. In the File Open|save dialog box policy, I enabled the Activate Restricted Browsing and added in Approve Location the path to their user directory.
The Restricted Browsing policy is working great. Whenever I open a word document or try to save a word doc or e-mail, the save or open dialogue box opens up and say (Restricted Mode). If the user tries to browse anywhere other that their user file, they receive a message that says This location has been blocked by your system administrator
The problem I have is when a user tries to insert a file, through outlook, they can browse the terminal server through the insert file dialogue box. Apparently the Restricted Browsing policy doesnt affect the Insert Dialogue box in outlook.
I need a way to restrict the users browsing when they are in the Insert file dialogue box in outlook.