i'm using windows server 2003, i don't have AD installed. i want to give a user access to RDP so he can access a remote administration tool for a third party app. i have the shortcut placed on his user's desktop. what i want, is for him to not be able to browse any hard drives, use the run command in the start menu, anything really that'd let him do anything besides using that one shortcut.
i've tried creating a new group "limitedusers" than assigning his user to that one as the only one. than not giving it permissions to list/read/write anything on any hard drive, but i can still browse both drives freely through my computer from his user.
You said you created a group and tried not to give permission. Did you try giving Deny Permission? I don't know if you want to give deny permission to the entire drive. Not sure how that would effect loading windows.
Have you thought about installing the remote admin tool on the user's computer.