anuragc
asked on
Limited remote desktop access to user on Windows Server 2003
Hello,
I have a desktop application installed on a server running windows server 2003. This is a standard account software - MYOB and is meant to be used on a single desktop.
I would like it to be accessible on a different computer within the network that runs Windows XP. I'm wondering if I can create a user account for remote desktop so that a person can login using MSTSC and have access only to the given application and nothing else on the server. The user should not be able to see other apps or folders that they don't have access to and should not be able to make any configuration changes to the server.
Is this possible?
Thanks
I have a desktop application installed on a server running windows server 2003. This is a standard account software - MYOB and is meant to be used on a single desktop.
I would like it to be accessible on a different computer within the network that runs Windows XP. I'm wondering if I can create a user account for remote desktop so that a person can login using MSTSC and have access only to the given application and nothing else on the server. The user should not be able to see other apps or folders that they don't have access to and should not be able to make any configuration changes to the server.
Is this possible?
Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Just make sure you have locked down user permissions on the terminal server. Look at the group policies and terminal server configuration settings. Group policies are at:
Computer Configuration/Administrati ve Templates/Windows Components/Terminal Services
User Configuraiton/Administrati ve Templates/Windows Components/Terminal Services
In the Terminal Server Configuration console, be sure you have set the Permissions Compatibility to Full Security if possible. You can also control access of course with NTFS permissions, and move any icons for sensitive programs out of the All Users profile and into your administrator profile so that the user can't see them. He/she wouldn't be able to run them anyway, but it's of course better if they can't even see them.
Computer Configuration/Administrati
User Configuraiton/Administrati
In the Terminal Server Configuration console, be sure you have set the Permissions Compatibility to Full Security if possible. You can also control access of course with NTFS permissions, and move any icons for sensitive programs out of the All Users profile and into your administrator profile so that the user can't see them. He/she wouldn't be able to run them anyway, but it's of course better if they can't even see them.
ASKER
Both your comments helped me resolve my issue.
I have installed the terminal server role and terminal services licensing server. A given user can now log in and based on folder permissions only has access to the MYOB data files and nothing else on the data drive. The intention is not to have multiple users using an app - just one user using it remotely from a thin client.
The user does have access to all currently installed applications on the server though. I'm assuming any new applications I install as administrator (and these are server apps for admin reasons, not user apps) - I will somehow have the ability to only have these visible and accessible to the admin.
Any further thoughts and tips for this will be appreciated, otherwise I'll close this question.
Thanks.