Solved

Prenter User from Accessing RD on Server 2008

Posted on 2011-09-14
7
205 Views
Last Modified: 2013-11-28
I would like to prevent user from remotely logging into my Server 2008; however, I would like my user to still able to access the Remote App I setup on the server. Is this possible.
0
Comment
Question by:tslaugther
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 26

Expert Comment

by:Nick67
ID: 36540089
It may be possible.
Check on the server under Local Users and Groups.
People who can logon remotely get that right from the Remote Desktop Users group.

When my RemoteApp sends Outlook email, it does so as the user I was when I set up the RemoteApp, not who I am as I am logged on.
So it is entirely possible that you may be able to cut a user out from Remote logons, and yet still use RemoteApp.

The only way to know for sure is to try it.
0
 

Author Comment

by:tslaugther
ID: 36540178
I did try it, but the when I took removed my test user from the remote desktop group, I could not access the Remote App using my test user.
0
 
LVL 26

Expert Comment

by:Nick67
ID: 36540318
Then I am afraid you may have your answer.
0
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

 
LVL 42

Expert Comment

by:kevinhsieh
ID: 36540333
So you want to be able to allow a person to connect to a RD Session host and get a RemoteApp but not be able to get a full desktop on that same session host? I would be very surprised if there is such a setting. I have never seen a setting like that other than do prevent all RDP access, which would block RemoteApp as well.

Now maybe you can run a login script that can somehow detect the difference between a RemoteApp session and a full desktop session, and it could logout the user if it was a desktop session.  
0
 

Author Comment

by:tslaugther
ID: 36540577
I believe running a script is the only possible way. I will work on it to see if that is the only solution thank you.
0
 
LVL 22

Expert Comment

by:dportas
ID: 36542285
You just need to deny them permissions on objects in your database. In other words allow them to log in but don't allow them to do anything except execute the stored procedures that your app uses. To do this you should use stored procedures for all data access (which is good practice anyway - you should be using stored procedures with SQL Server unless you have a good reason not to).
0
 
LVL 26

Accepted Solution

by:
Nick67 earned 500 total points
ID: 36544389
<You just need to deny them permissions on objects in your database. In other words allow them to log in but don't allow them to do anything except execute the stored procedures that your app uses. To do this you should use stored procedures for all data access (which is good practice anyway - you should be using stored procedures with SQL Server unless you have a good reason not to). >

That make zero sense.
The OP has a RemoteApp which they'd like the end user to use
What they want to prevent is the end-user from going to Start|Programs|Remote Desktop Connections and then putting in the name of the terminal server and logging on.
That is quite hard to do
There is a post here
http://social.technet.microsoft.com/Forums/en-US/winserverTS/thread/9e961ac2-542a-4c85-b248-82f0f1a3a10c/
Near the end are two suggestions worth testing
Read through the whole post and see what you think.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Access custom database properties are useful for storing miscellaneous bits of information in a format that persists through database closing and reopening.  This article shows how to create and use them.
A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
In Microsoft Access, learn how to use Dlookup and other domain aggregate functions and one method of specifying a string value within a string. Specify the first argument, which is the expression to be returned: Specify the second argument, which …
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question