Using Group Policy to restrict Authenticated User Access on Domain


We are running a Windows 2003 SBS domain with about 50 users.  We now have a requirement to add a new AD user that will not have access to any of the normal Domain based file shares as all other authenticated users.  This new AD user will log onto our Windows 2008 R2 Terminal Server in order to launch a specific application.

How can we restrict this user so the account is restricted from accessing anything except for the application they need to run on the Terminal Server?

Thanks in advance -

Who is Participating?
Andrew DavisConnect With a Mentor ManagerCommented:
Do this via GPO what you want is to create a Software restricition policy. see 
Create a policy that only allows the one app that you want and then using filters apply it to your one user, or alternativley put them in a seperate ou and apply it to the ou. Use RSOP to ensure that you are applying it correctly and that it will be enforced on the terminal server.

Not overly difficult but can get confusing due to loopback policy that you may need to put in effect, it is hard to say without knowing what your other policies are and what the structure of your configuration is. you may want to read for info on loopback.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.