Solved

Allow Remote App but dis-allow Remote Desktop

Posted on 2010-09-03
5
973 Views
Last Modified: 2012-05-10
Hello Professionals,

I currently publish a handfull of apps via Terminal Services RemoteApp in Win2008 server. Of course, the more enterprising users quickly discover they can also access the desktop via remote desktop as well. Though I know how to restrict them to certain apps once on the dektop itself, I would rather disallow direct desktop access while still allowing them to access only the published applicaitons.

Is this possible either in the OS or 3rd party app?

Thank you for your time.
0
Comment
Question by:kubiaco
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
5 Comments
 
LVL 5

Expert Comment

by:TechnicallyMaybe
ID: 33599189
There isn't an "officially sanctioned" way to do this because, fundamentally, TS RemoteApp functionality is just leveraging existing Remote Desktop code. You could do something silly like use Group Policy to set the user's shell to be "logoff.exe" such that if they attempted to access the machine's desktop they'd be immediately logged-off. Any application that uses a common "File / Open" dialog, though, can be used to get a command prompt or other programs open on the server's desktop.
0
 

Author Comment

by:kubiaco
ID: 33600367
Thank you for the reply. I have seen this suggestion as well and thought about giving it a shot but first wanted to see if there was a bona fide config change that I could make to disallow the desktop access.
0
 

Accepted Solution

by:
kubiaco earned 0 total points
ID: 34520756
No way to really restrict this so I'll lock down the system in Group Object Editor as much as I can and go from there.

0
 

Author Closing Comment

by:kubiaco
ID: 34609096
Came up with alternate solution
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Local Printing Using Remote Desktop Windows 7 sometimes has issues with printing to a local printer using a Remote Desktop Connection (RDC). The 1st step is to verify that printers are checked on the Local Resources tab of the Remote Desktop C…
Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question