Limited remote desktop access to user on Windows Server 2003

Last Modified: 2012-05-06
Hello,

I have a desktop application installed on a server running Windows Server 2003. This is a standard account software - MYOB and is meant to be used on a single desktop.

I would like it to be accessible on a different computer within the network that runs Windows XP. I'm wondering if I can create a user account for remote desktop so that a person can log in using MSTSC and have access only to the given application and nothing else on the server. The user should not be able to see other apps or folders that they don't have access to and should not be able to make any configuration changes to the server.

Is this possible?

Thanks

Commented:
The problem with this idea is that if MYOB isn't configured for multiple user access, if multiple remote desktop connections access it at the same time, you might scramble your data.  I suspect this is possible by figuring out where MYOB and data directories are installed and giving Read and Execute rights to these directories to the remote desktop user.  There are some rights that come with the remote users group, but you should be able to limit them so that they can't browse around your server.

Hypercat (Deb), President
CERTIFIED EXPERT
Commented:
In addition to what Paka said, if you want to use the application in terminal server mode, you would have to:
1.  Configure and license the server as a terminal server.  By default, servers are only licensed for remote administration over a remote desktop connection and the user would have to log on with administrative permissions.
2.  You would most likely have to uninstall and reinstall the application so that it is configured and installed properly for use in a terminal server environment.
3.  Also, if there is going to be more than one user using the application at a time, as Paka said, you would have to license the app for multiple concurrent users.

Author

Commented:
Thanks Paka and hypercat,

Both your comments helped me resolve my issue.

I have installed the terminal server role and terminal services licensing server. A given user can now log in and based on folder permissions only has access to the MYOB data files and nothing else on the data drive. The intention is not to have multiple users using an app - just one user using it remotely from a thin client.

The user does have access to all currently installed applications on the server though. I'm assuming any new applications I install as administrator (and these are server apps for admin reasons, not user apps) - I will somehow have the ability to only have these visible and accessible to the admin.

Any further thoughts and tips for this will be appreciated, otherwise I'll close this question.

Thanks.
Hypercat (Deb), President
CERTIFIED EXPERT

Commented:
Just make sure you have locked down user permissions on the terminal server.  Look at the group policies and terminal server configuration settings.  Group policies are at:
Computer Configuration/Administrative Templates/Windows Components/Terminal Services
User Configuration/Administrative Templates/Windows Components/Terminal Services
In the Terminal Server Configuration console, be sure you have set the Permissions Compatibility to Full Security if possible.  You can also control access of course with NTFS permissions, and move any icons for sensitive programs out of the All Users profile and into your administrator profile so that the user can't see them.  He/she wouldn't be able to run them anyway, but it's of course better if they can't even see them.
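
The NTFS and shortcut steps discussed in this thread, as an added example that is not part of the original posts: a batch sketch using the built-in `cacls` and `move` commands, run from the administrator's session. The account name `myobuser`, the folders `D:\MYOB` and `D:\AdminTools`, and the shortcut `Admin Tool.lnk` are constructed placeholders, not values from the thread.

```bat
@echo off
rem Added example: all names below are constructed placeholders.
setlocal
set RDPUSER=myobuser
set APPDIR=D:\MYOB
set ADMINDIR=D:\AdminTools
set SHORTCUT=Admin Tool.lnk

rem 1. Give the remote desktop user read access to the application
rem    folder tree. /E edits the existing ACL instead of replacing it,
rem    /T applies the change to the folder and everything below it.
cacls "%APPDIR%" /T /E /G %RDPUSER%:R

rem 2. Add an explicit deny entry for that user on a folder holding
rem    admin-only programs, so the user cannot browse or run them.
cacls "%ADMINDIR%" /T /E /D %RDPUSER%

rem 3. Move the shortcut for an admin-only program out of the shared
rem    All Users Start Menu into the administrator's own profile, so
rem    it no longer appears in the remote user's Start Menu.
move "%ALLUSERSPROFILE%\Start Menu\Programs\%SHORTCUT%" "%USERPROFILE%\Start Menu\Programs\"

rem 4. Print the resulting ACLs for review.
cacls "%APPDIR%"
cacls "%ADMINDIR%"
endlocal
```

Log on as the restricted user afterwards and confirm that the admin folder is inaccessible and the shortcut is gone from the Start Menu.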