• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 434
  • Last Modified:

Restrict Software to Specific User on Terminal Server

Hello.

I've read quite a few postings and Microsoft documents, but cannot seem to figure out how, exactly, software restriction are applied to specific users. Here's the setup, numbers are for example:

+ Windows 2003 Server running Terminal Services
+ This server is accessed by 20 users via RDP.
+ I want only 6 of them to be able to run Office.
+ I have a small number of other applications I would like specific users to run.
+ I would like to use local policy for simplicity, even though this server is part of a domain.

So, my guess to do this is the following:

+ Create a local group "Office Users", containing those users permitted to run Office.
+ Set the default Software Restriction Security Level to "Disallowed"
+ Add an Additional Path Rule (Unrestricted) containing the path to the Office apps.

My problem: I cannot see how to apply this additional rule to specific users, that is (I guess) to the Office Users group.

(Sorry if I didn't pick the question zones correctly.)
0
phsit
Asked:
phsit
1 Solution
 
enriquecadalsoCommented:
Local policies are not that powerfull as GPO.

If you are going to create local groups try modifying the ntfs permission of the office executables (winword.exe, excel.exe, etc), assigning the rights to read only to the "Office Users" group.
0
 
farazhkhanCommented:
0
 
phsitAuthor Commented:
Sadly, it looks as if enriquecadalso has it right. I guess I was hoping for a better answer! Let me review the article given by farazhkhan (again) before I go ahead an close this question. Thanks...
0
Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

 
Cláudio RodriguesCommented:
If you are using Terminal Services you can indeed apply policies only to certain groups and ONLY when they are connected to the TS.
I have all this explained on a step-by-step guide that I wrote, "Terminal Services A to Z" available at no cost at http://www.wtslabs.com.
Just read it and follow the section regarding Software Restriction Policies. It will do what you need.
The key is to use the Loopback option, exactly as described on the guide.

Cláudio Rodrigues
Citrix CTP
0
 
phsitAuthor Commented:
Okay, I'll look at that too. Looks like a nice document. It'll be until after the new year that I reply, though. Enjoy!
0
 
Cláudio RodriguesCommented:
Answer ID 26140322 covers it all and explains how to do exactly what he wants.

Cláudio Rodrigues
Citrix CTP
0
 
phsitAuthor Commented:
Go ahead and close this. However, since tsmvp and enriquecadalso suggested the same solution, they both should get credit if that's possible.
0
 
phsitAuthor Commented:
Oh, I see this is already closed.
0

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now