Solved

Limiting Remote User Access under Windows 2008

Posted on 2011-03-08
4
463 Views
Last Modified: 2012-05-11
I'm setting up a Windows 2008 Standard server with CAL's for Terminal Services.

We are creating user accounts for some remote workers to login and do various tasks.

We want to them to be able to run a browser & Microsoft Office but that's about it.

Our O/S is on C:

Our "Programs" are on D:

We want the user profiles on E:, such as e:\users\john   e:\users\jane

How would you go about configuring this?  We've already installed Active Directory - and it is the only server in the AD

My goal is:
- they can login
- they can run apps we designate in d:\programs
- they can access their own My Documents, etc.
- they can access a shared folder, such as e:\sharedfolder

Thank you
0
Comment
Question by:drgdrg
  • 3
4 Comments
 
LVL 13

Expert Comment

by:connectex
Comment Utility
You can lock this down using group policy. This article talks about Windows 7 but it should work for 2008: http://www.techrepublic.com/blog/window-on-windows/how-do-i-allow-windows-7-users-to-run-only-specific-applications/2795.
0
 
LVL 1

Author Comment

by:drgdrg
Comment Utility
Thanks, but this is very limited and is easy to get around.  I know there are more secure ways to lock it down.  This grants them access to certain named programs, but all they have to do is rename a program to an allowed name ("firefox.exe" was the example they gave).

I'm looking for a stronger lock down -

- Keep them off "C" except for running the O/S (but they shouldn't be able to get to C)
- On "D" only allow them in the programs files (we will only install programs we want them to access)
- On "E" only access their user folder and one shared folder (this is easy, takes care of itself)

Any other suggestions?
0
 
LVL 1

Accepted Solution

by:
drgdrg earned 0 total points
Comment Utility
No answer given.  I'm abandoning this question.
0
 
LVL 1

Author Closing Comment

by:drgdrg
Comment Utility
Question was not answered.  I'm closing the question.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

I was supporting a handful of Windows 2008 (non-R2) 2 node clusters with shared quorum disks. Some had SQL 2008 installed and some were just a vendor application that we supported. For the purposes of this article it doesn’t really matter which so w…
Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now