I've configured a Windows 2008 Enterprise server in the active directory and I want to give remote workers the ability to login and use this server - but to a limited degree.
1 - To block them from directly accessing the C drive
2 - Allow them to run CERTAIN programs installed on the D Drive (Open Office, Textpad, and about 10 other apps)
3 - Let them access their own data ("My Documents" on the E: drive)
4 - Let them access certain folders on the "F" drive (shared folders)
I do NOT want them installing (or uninstalling) any apps
I do NOT want them screwing with anything on the server ;)
I've gone through a lot of posts which talked about restricting access to just one app. That's not what I'm doing here. Basically, I want them to be a "user" but not a "power user" / "admin"
... and that said, if we encounter a program that will not function because they don't have enough rights to it, how would I tweak so they could have more rights just to that one app?
The ideal setup would be a Group with all the right permissions and rights, and just drop them all in that group.