Terminal Server 2008 Lockdown

Posted on 2011-10-18
Last Modified: 2012-05-12
I have users logging into the termianl server, which is also my domain server, I need to know how to hide everything but the programs on the desktop for all users but the administrator
Question by:jdsdesktop1
    LVL 22

    Accepted Solution

    Using your DC as a terminal server is a risky prospect because of the potential damage someone could inflict if you don't get security perfect. Not only that, they could seriously bog down your entire network if somebody does something that take up a lot of processor cycles. Is there another option?

    If not, depending on your windows version, microsoft licensing permits you to install another copy of your windows server software as a virtual machine. Maybe that would be easier to manage.

    Author Closing Comment

    I have been using this solutions for 10 Years, however i was using 2000 server, which i just upgraded from, It worked great, but i was using a menu program which only allowed the users to use the programs published, they could not access anything else, Do you know of such a solution
    LVL 22

    Expert Comment

    by:Brian B (TBone2K)
    With 2008 your best bet is usually to use group policy. Here is some more info to go over. Just be careful and understand what these changes might do. You could accidentally lock yourself out of the domain controller. The trick is to make sure the policy applies only to the remote desktop users.

    Featured Post

    Shouldn't all users have the same email signature?

    You wouldn't let your users design their own business cards, would you? So, why do you let them design their own email signatures? Think of the damage they could be doing to your brand reputation! Choose the easy way to manage set up and add email signatures for all users.

    Join & Write a Comment

    To effectively work with Diskpart on a Server Core, it is necessary to write some small batch script's, because you can't execute diskpart in a remote powershell session. To get startet, place the Diskpart batch script's into a share on your loca…
    I had a question today where the user wanted to know how to delete an SSL Certificate, so I thought that I would quickly add this How to! Article for your reference. WHY WOULD YOU WANT TO DELETE A CERTIFICATE? 1. If an incorrect certificate was …
    This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
    This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…

    729 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    23 Experts available now in Live!

    Get 1:1 Help Now