Solved

Allow Remote App but dis-allow Remote Desktop

Posted on 2010-09-03
5
969 Views
Last Modified: 2012-05-10
Hello Professionals,

I currently publish a handfull of apps via Terminal Services RemoteApp in Win2008 server. Of course, the more enterprising users quickly discover they can also access the desktop via remote desktop as well. Though I know how to restrict them to certain apps once on the dektop itself, I would rather disallow direct desktop access while still allowing them to access only the published applicaitons.

Is this possible either in the OS or 3rd party app?

Thank you for your time.
0
Comment
Question by:kubiaco
  • 3
5 Comments
 
LVL 5

Expert Comment

by:TechnicallyMaybe
Comment Utility
There isn't an "officially sanctioned" way to do this because, fundamentally, TS RemoteApp functionality is just leveraging existing Remote Desktop code. You could do something silly like use Group Policy to set the user's shell to be "logoff.exe" such that if they attempted to access the machine's desktop they'd be immediately logged-off. Any application that uses a common "File / Open" dialog, though, can be used to get a command prompt or other programs open on the server's desktop.
0
 

Author Comment

by:kubiaco
Comment Utility
Thank you for the reply. I have seen this suggestion as well and thought about giving it a shot but first wanted to see if there was a bona fide config change that I could make to disallow the desktop access.
0
 

Accepted Solution

by:
kubiaco earned 0 total points
Comment Utility
No way to really restrict this so I'll lock down the system in Group Object Editor as much as I can and go from there.

0
 

Author Closing Comment

by:kubiaco
Comment Utility
Came up with alternate solution
0

Featured Post

Shouldn't all users have the same email signature?

You wouldn't let your users design their own business cards, would you? So, why do you let them design their own email signatures? Think of the damage they could be doing to your brand reputation! Choose the easy way to manage set up and add email signatures for all users.

Join & Write a Comment

New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now