We help IT Professionals succeed at work.

Check out our new AWS podcast with Certified Expert, Phil Phillips! Listen to "How to Execute a Seamless AWS Migration" on EE or on your favorite podcast platform. Listen Now

x

Limiting Access once logged in to Remote Desktop on Windows 2008 Server

Medium Priority
378 Views
Last Modified: 2012-05-11
I've configured a Windows 2008 Enterprise server in the active directory and I want to give remote workers the ability to login and use this server - but to a limited degree.

I want:

1 - To block them from directly accessing the C drive

2 - Allow them to run CERTAIN programs installed on the D Drive (Open Office, Textpad, and about 10 other apps)

3 - Let them access their own data ("My Documents" on the E: drive)

4 - Let them access certain folders on the "F" drive (shared folders)

I do NOT want them installing (or uninstalling) any apps

I do NOT want them screwing with anything on the server ;)

I've gone through a lot of posts which talked about restricting access to just one app.  That's not what I'm doing here.  Basically, I want them to be a "user" but not a "power user" / "admin"

... and that said, if we encounter a program that will not function because they don't have enough rights to it, how would I tweak so they could have more rights just to that one app?

The ideal setup would be a Group with all the right permissions and rights, and just drop them all in that group.

Thanks  !!!
Comment
Watch Question

Blogger and wearer of all hats.
CERTIFIED EXPERT
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION

Author

Commented:
Right - that's what I was planning above...

>>> The ideal setup would be a Group with all the right permissions and rights, and just drop them all in that group.

What I don't know is this - once that group is set up, how to I restrict them to certain drives and certain programs?

If I remove their access to the C: drive, will they not be able to work at all (i.e., because they won't have access to the O/S) or is O/S "usage" automatic and covered, even if I block their user account from C: ?
Joseph MoodyBlogger and wearer of all hats.
CERTIFIED EXPERT
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a sample view!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.