Remote desktop user permissions 2003 R2 Standard

Posted on 2011-10-20
Medium Priority
Last Modified: 2012-05-12
Hello and thank you for taking the time out to read my question.
Your time is valued and expertise appreciated.

We have 2003 R2 Standard server.
There is a site to site VPN w/ another client of ours who needs to RDP to the server to use some of our management software to look up reports and such.

There is a scrip that maps drives and such to make the management application work.

I do not want these uses to have access to control panel or anything else other than the application and what the script says to do.

I tried to change their permission in AD by removeing Domain User and adding Guest. But when i try to remove Domain User i get an error message that tells me that i can not remove the primary user role.

The option to make gust the primary user is not enabled. This tells me that I'm going the wrong way about this.

 user role
Can someone please assist me and let me know what I need to do to make this happen.

Many thanks in advance.

Question by:loshdog
LVL 23

Expert Comment

by:Stelian Stan
ID: 37004323
I think you have to use Group Policy to achieve that.
LVL 23

Accepted Solution

Stelian Stan earned 668 total points
ID: 37004331
LVL 20

Assisted Solution

wolfcamel earned 664 total points
ID: 37004389
as well as trying group policy, you could also try configuring the rdp client to simply run the management app - this will only run the management app and wont give you a start menu etc

Assisted Solution

saraf1000 earned 668 total points
ID: 37004645
If its the single application that is needed to be accessed; I simply put the application path in the environment of that user. It works as secured only application rdp connection.


Author Closing Comment

ID: 37085041
Thank you

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is about my experience upgrading my consulting machine to Windows 10 Version 1709 (The Fall 2017 Creator Update)
Transferring FSMO roles is done when an admin wants to split roles between certain Domain Controllers or the Domain Controller holding the Roles has been forcefully demoted using dcpromo / forceremoval
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question