Link to home
Create AccountLog in
Avatar of ronin83
ronin83

asked on

how to set very restrictive RDP permissions to user

i'm using windows server 2003, i don't have AD installed. i want to give a user access to RDP so he can access a remote administration tool for a third party app. i have the shortcut placed on his user's desktop. what i want, is for him to not be able to browse any hard drives, use the run command in the start menu, anything really that'd let him do anything besides using that one shortcut.

i've tried creating a new group "limitedusers" than assigning his user to that one as the only one. than not giving it permissions to list/read/write anything on any hard drive, but i can still browse both drives freely through my computer from his user.

please help.
Avatar of weasel2971
weasel2971
Flag of United States of America image

Each computer has a local GPO, which you can edit to configure that computer. In fact, you must use the local GPO to configure a computer that isn't a member of an AD domain. However, changing the local GPO will effect all users, including administrators.

You said you created a group and tried not to give permission. Did you try giving Deny Permission? I don't know if you want to give deny permission to the entire drive. Not sure how that would effect loading windows.

Have you thought about installing the remote admin tool on the user's computer.
Avatar of ronin83
ronin83

ASKER

this is a windows server 2003 web server, no AD available, i don't know what "GPO's" are. installing tools on other user isn't an option. i haven't tried giving deny permissions to the group to the drive yet, hows that done?
ASKER CERTIFIED SOLUTION
Avatar of weasel2971
weasel2971
Flag of United States of America image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer