Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Prenter User from Accessing RD on Server 2008

Posted on 2011-09-14
7
Medium Priority
?
228 Views
Last Modified: 2013-11-28
I would like to prevent user from remotely logging into my Server 2008; however, I would like my user to still able to access the Remote App I setup on the server. Is this possible.
0
Comment
Question by:tslaugther
7 Comments
 
LVL 26

Expert Comment

by:Nick67
ID: 36540089
It may be possible.
Check on the server under Local Users and Groups.
People who can logon remotely get that right from the Remote Desktop Users group.

When my RemoteApp sends Outlook email, it does so as the user I was when I set up the RemoteApp, not who I am as I am logged on.
So it is entirely possible that you may be able to cut a user out from Remote logons, and yet still use RemoteApp.

The only way to know for sure is to try it.
0
 

Author Comment

by:tslaugther
ID: 36540178
I did try it, but the when I took removed my test user from the remote desktop group, I could not access the Remote App using my test user.
0
 
LVL 26

Expert Comment

by:Nick67
ID: 36540318
Then I am afraid you may have your answer.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 42

Expert Comment

by:kevinhsieh
ID: 36540333
So you want to be able to allow a person to connect to a RD Session host and get a RemoteApp but not be able to get a full desktop on that same session host? I would be very surprised if there is such a setting. I have never seen a setting like that other than do prevent all RDP access, which would block RemoteApp as well.

Now maybe you can run a login script that can somehow detect the difference between a RemoteApp session and a full desktop session, and it could logout the user if it was a desktop session.  
0
 

Author Comment

by:tslaugther
ID: 36540577
I believe running a script is the only possible way. I will work on it to see if that is the only solution thank you.
0
 
LVL 22

Expert Comment

by:dportas
ID: 36542285
You just need to deny them permissions on objects in your database. In other words allow them to log in but don't allow them to do anything except execute the stored procedures that your app uses. To do this you should use stored procedures for all data access (which is good practice anyway - you should be using stored procedures with SQL Server unless you have a good reason not to).
0
 
LVL 26

Accepted Solution

by:
Nick67 earned 2000 total points
ID: 36544389
<You just need to deny them permissions on objects in your database. In other words allow them to log in but don't allow them to do anything except execute the stored procedures that your app uses. To do this you should use stored procedures for all data access (which is good practice anyway - you should be using stored procedures with SQL Server unless you have a good reason not to). >

That make zero sense.
The OP has a RemoteApp which they'd like the end user to use
What they want to prevent is the end-user from going to Start|Programs|Remote Desktop Connections and then putting in the name of the terminal server and logging on.
That is quite hard to do
There is a post here
http://social.technet.microsoft.com/Forums/en-US/winserverTS/thread/9e961ac2-542a-4c85-b248-82f0f1a3a10c/
Near the end are two suggestions worth testing
Read through the whole post and see what you think.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

We live in a world of interfaces like the one in the title picture. VBA also allows to use interfaces which offers a lot of possibilities. This article describes how to use interfaces in VBA and how to work around their bugs.
A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
With Microsoft Access, learn how to specify relationships between tables and set various options on the relationship. Add the tables: Create the relationship: Decide if you’re going to set referential integrity: Decide if you want cascade upda…
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question