I have a few problems with the GPO on my terminal servers. I want them to be as secure as possible.
1. Users cannot run Microsoft Publisher. It will not allow you to save items to the desktop. I can create any other kind of office document, but I think that it doesnt have access to create some kind of temp file.
2. Users cannot open folders on desktop.
3. Network drives cannot be mapped.
Attached is my GPO. It is for server 2k8.