Limiting Remote User Access under Windows 2008

I'm setting up a Windows 2008 Standard server with CAL's for Terminal Services.

We are creating user accounts for some remote workers to login and do various tasks.

We want to them to be able to run a browser & Microsoft Office but that's about it.

Our O/S is on C:

Our "Programs" are on D:

We want the user profiles on E:, such as e:\users\john   e:\users\jane

How would you go about configuring this?  We've already installed Active Directory - and it is the only server in the AD

My goal is:
- they can login
- they can run apps we designate in d:\programs
- they can access their own My Documents, etc.
- they can access a shared folder, such as e:\sharedfolder

Thank you
LVL 1
drgdrgAsked:
Who is Participating?
 
drgdrgConnect With a Mentor Author Commented:
No answer given.  I'm abandoning this question.
0
 
connectexCommented:
You can lock this down using group policy. This article talks about Windows 7 but it should work for 2008: http://www.techrepublic.com/blog/window-on-windows/how-do-i-allow-windows-7-users-to-run-only-specific-applications/2795.
0
 
drgdrgAuthor Commented:
Thanks, but this is very limited and is easy to get around.  I know there are more secure ways to lock it down.  This grants them access to certain named programs, but all they have to do is rename a program to an allowed name ("firefox.exe" was the example they gave).

I'm looking for a stronger lock down -

- Keep them off "C" except for running the O/S (but they shouldn't be able to get to C)
- On "D" only allow them in the programs files (we will only install programs we want them to access)
- On "E" only access their user folder and one shared folder (this is easy, takes care of itself)

Any other suggestions?
0
 
drgdrgAuthor Commented:
Question was not answered.  I'm closing the question.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.