Solved

Prenter User from Accessing RD on Server 2008

Posted on 2011-09-14
7
206 Views
Last Modified: 2013-11-28
I would like to prevent user from remotely logging into my Server 2008; however, I would like my user to still able to access the Remote App I setup on the server. Is this possible.
0
Comment
Question by:tslaugther
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 26

Expert Comment

by:Nick67
ID: 36540089
It may be possible.
Check on the server under Local Users and Groups.
People who can logon remotely get that right from the Remote Desktop Users group.

When my RemoteApp sends Outlook email, it does so as the user I was when I set up the RemoteApp, not who I am as I am logged on.
So it is entirely possible that you may be able to cut a user out from Remote logons, and yet still use RemoteApp.

The only way to know for sure is to try it.
0
 

Author Comment

by:tslaugther
ID: 36540178
I did try it, but the when I took removed my test user from the remote desktop group, I could not access the Remote App using my test user.
0
 
LVL 26

Expert Comment

by:Nick67
ID: 36540318
Then I am afraid you may have your answer.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 42

Expert Comment

by:kevinhsieh
ID: 36540333
So you want to be able to allow a person to connect to a RD Session host and get a RemoteApp but not be able to get a full desktop on that same session host? I would be very surprised if there is such a setting. I have never seen a setting like that other than do prevent all RDP access, which would block RemoteApp as well.

Now maybe you can run a login script that can somehow detect the difference between a RemoteApp session and a full desktop session, and it could logout the user if it was a desktop session.  
0
 

Author Comment

by:tslaugther
ID: 36540577
I believe running a script is the only possible way. I will work on it to see if that is the only solution thank you.
0
 
LVL 22

Expert Comment

by:dportas
ID: 36542285
You just need to deny them permissions on objects in your database. In other words allow them to log in but don't allow them to do anything except execute the stored procedures that your app uses. To do this you should use stored procedures for all data access (which is good practice anyway - you should be using stored procedures with SQL Server unless you have a good reason not to).
0
 
LVL 26

Accepted Solution

by:
Nick67 earned 500 total points
ID: 36544389
<You just need to deny them permissions on objects in your database. In other words allow them to log in but don't allow them to do anything except execute the stored procedures that your app uses. To do this you should use stored procedures for all data access (which is good practice anyway - you should be using stored procedures with SQL Server unless you have a good reason not to). >

That make zero sense.
The OP has a RemoteApp which they'd like the end user to use
What they want to prevent is the end-user from going to Start|Programs|Remote Desktop Connections and then putting in the name of the terminal server and logging on.
That is quite hard to do
There is a post here
http://social.technet.microsoft.com/Forums/en-US/winserverTS/thread/9e961ac2-542a-4c85-b248-82f0f1a3a10c/
Near the end are two suggestions worth testing
Read through the whole post and see what you think.
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
A hard and fast method for reducing Active Directory Administrators members.
Learn how to number pages in an Access report over each group. Activate two pass printing by referencing the pages property: Add code to the Page Footers OnFormat event to capture the pages as there occur for each group. Use the pages property to …
With Microsoft Access, learn how to start a database in different ways and produce different start-up actions allowing you to use a single database to perform multiple tasks. Specify a start-up form through options: Specify an Autoexec macro: Us…

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question