Solved

Allow Remote App but dis-allow Remote Desktop

Posted on 2010-09-03
5
971 Views
Last Modified: 2012-05-10
Hello Professionals,

I currently publish a handfull of apps via Terminal Services RemoteApp in Win2008 server. Of course, the more enterprising users quickly discover they can also access the desktop via remote desktop as well. Though I know how to restrict them to certain apps once on the dektop itself, I would rather disallow direct desktop access while still allowing them to access only the published applicaitons.

Is this possible either in the OS or 3rd party app?

Thank you for your time.
0
Comment
Question by:kubiaco
  • 3
5 Comments
 
LVL 5

Expert Comment

by:TechnicallyMaybe
ID: 33599189
There isn't an "officially sanctioned" way to do this because, fundamentally, TS RemoteApp functionality is just leveraging existing Remote Desktop code. You could do something silly like use Group Policy to set the user's shell to be "logoff.exe" such that if they attempted to access the machine's desktop they'd be immediately logged-off. Any application that uses a common "File / Open" dialog, though, can be used to get a command prompt or other programs open on the server's desktop.
0
 

Author Comment

by:kubiaco
ID: 33600367
Thank you for the reply. I have seen this suggestion as well and thought about giving it a shot but first wanted to see if there was a bona fide config change that I could make to disallow the desktop access.
0
 

Accepted Solution

by:
kubiaco earned 0 total points
ID: 34520756
No way to really restrict this so I'll lock down the system in Group Object Editor as much as I can and go from there.

0
 

Author Closing Comment

by:kubiaco
ID: 34609096
Came up with alternate solution
0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

At the beginning of the year, the IT world was taken hostage by the shareholders of LogMeIn. Their free product, which had been free for ten years, all of the sudden became a "pay" product. Now, I am the first person who will say that software maker…
Remote Desktop Connections allow you to control remote host machines via the magic of the Internet and RDP (Remote Desktop Protocol). For the purposes of this article we will assume you are connecting from your home PC or laptop to a remote offic…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question