Solved

Prenter User from Accessing RD on Server 2008

Posted on 2011-09-14
7
196 Views
Last Modified: 2013-11-28
I would like to prevent user from remotely logging into my Server 2008; however, I would like my user to still able to access the Remote App I setup on the server. Is this possible.
0
Comment
Question by:tslaugther
7 Comments
 
LVL 26

Expert Comment

by:Nick67
ID: 36540089
It may be possible.
Check on the server under Local Users and Groups.
People who can logon remotely get that right from the Remote Desktop Users group.

When my RemoteApp sends Outlook email, it does so as the user I was when I set up the RemoteApp, not who I am as I am logged on.
So it is entirely possible that you may be able to cut a user out from Remote logons, and yet still use RemoteApp.

The only way to know for sure is to try it.
0
 

Author Comment

by:tslaugther
ID: 36540178
I did try it, but the when I took removed my test user from the remote desktop group, I could not access the Remote App using my test user.
0
 
LVL 26

Expert Comment

by:Nick67
ID: 36540318
Then I am afraid you may have your answer.
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 42

Expert Comment

by:kevinhsieh
ID: 36540333
So you want to be able to allow a person to connect to a RD Session host and get a RemoteApp but not be able to get a full desktop on that same session host? I would be very surprised if there is such a setting. I have never seen a setting like that other than do prevent all RDP access, which would block RemoteApp as well.

Now maybe you can run a login script that can somehow detect the difference between a RemoteApp session and a full desktop session, and it could logout the user if it was a desktop session.  
0
 

Author Comment

by:tslaugther
ID: 36540577
I believe running a script is the only possible way. I will work on it to see if that is the only solution thank you.
0
 
LVL 22

Expert Comment

by:dportas
ID: 36542285
You just need to deny them permissions on objects in your database. In other words allow them to log in but don't allow them to do anything except execute the stored procedures that your app uses. To do this you should use stored procedures for all data access (which is good practice anyway - you should be using stored procedures with SQL Server unless you have a good reason not to).
0
 
LVL 26

Accepted Solution

by:
Nick67 earned 500 total points
ID: 36544389
<You just need to deny them permissions on objects in your database. In other words allow them to log in but don't allow them to do anything except execute the stored procedures that your app uses. To do this you should use stored procedures for all data access (which is good practice anyway - you should be using stored procedures with SQL Server unless you have a good reason not to). >

That make zero sense.
The OP has a RemoteApp which they'd like the end user to use
What they want to prevent is the end-user from going to Start|Programs|Remote Desktop Connections and then putting in the name of the terminal server and logging on.
That is quite hard to do
There is a post here
http://social.technet.microsoft.com/Forums/en-US/winserverTS/thread/9e961ac2-542a-4c85-b248-82f0f1a3a10c/
Near the end are two suggestions worth testing
Read through the whole post and see what you think.
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
What’s inside an Access Desktop Database. Will look at the basic interface, Navigation Pane (Database Container), Tables, Queries, Forms, Report, Macro’s, and VBA code.
With Microsoft Access, learn how to specify relationships between tables and set various options on the relationship. Add the tables: Create the relationship: Decide if you’re going to set referential integrity: Decide if you want cascade upda…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now