Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Prenter User from Accessing RD on Server 2008

Posted on 2011-09-14
7
202 Views
Last Modified: 2013-11-28
I would like to prevent user from remotely logging into my Server 2008; however, I would like my user to still able to access the Remote App I setup on the server. Is this possible.
0
Comment
Question by:tslaugther
7 Comments
 
LVL 26

Expert Comment

by:Nick67
ID: 36540089
It may be possible.
Check on the server under Local Users and Groups.
People who can logon remotely get that right from the Remote Desktop Users group.

When my RemoteApp sends Outlook email, it does so as the user I was when I set up the RemoteApp, not who I am as I am logged on.
So it is entirely possible that you may be able to cut a user out from Remote logons, and yet still use RemoteApp.

The only way to know for sure is to try it.
0
 

Author Comment

by:tslaugther
ID: 36540178
I did try it, but the when I took removed my test user from the remote desktop group, I could not access the Remote App using my test user.
0
 
LVL 26

Expert Comment

by:Nick67
ID: 36540318
Then I am afraid you may have your answer.
0
NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

 
LVL 42

Expert Comment

by:kevinhsieh
ID: 36540333
So you want to be able to allow a person to connect to a RD Session host and get a RemoteApp but not be able to get a full desktop on that same session host? I would be very surprised if there is such a setting. I have never seen a setting like that other than do prevent all RDP access, which would block RemoteApp as well.

Now maybe you can run a login script that can somehow detect the difference between a RemoteApp session and a full desktop session, and it could logout the user if it was a desktop session.  
0
 

Author Comment

by:tslaugther
ID: 36540577
I believe running a script is the only possible way. I will work on it to see if that is the only solution thank you.
0
 
LVL 22

Expert Comment

by:dportas
ID: 36542285
You just need to deny them permissions on objects in your database. In other words allow them to log in but don't allow them to do anything except execute the stored procedures that your app uses. To do this you should use stored procedures for all data access (which is good practice anyway - you should be using stored procedures with SQL Server unless you have a good reason not to).
0
 
LVL 26

Accepted Solution

by:
Nick67 earned 500 total points
ID: 36544389
<You just need to deny them permissions on objects in your database. In other words allow them to log in but don't allow them to do anything except execute the stored procedures that your app uses. To do this you should use stored procedures for all data access (which is good practice anyway - you should be using stored procedures with SQL Server unless you have a good reason not to). >

That make zero sense.
The OP has a RemoteApp which they'd like the end user to use
What they want to prevent is the end-user from going to Start|Programs|Remote Desktop Connections and then putting in the name of the terminal server and logging on.
That is quite hard to do
There is a post here
http://social.technet.microsoft.com/Forums/en-US/winserverTS/thread/9e961ac2-542a-4c85-b248-82f0f1a3a10c/
Near the end are two suggestions worth testing
Read through the whole post and see what you think.
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
This article runs through the process of deploying a single EXE application selectively to a group of user.
With Microsoft Access, learn how to start a database in different ways and produce different start-up actions allowing you to use a single database to perform multiple tasks. Specify a start-up form through options: Specify an Autoexec macro: Us…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question