Line One
asked on
Windows 7 - lock down local computer to RDP only
I have a Windows 2003 domain with 2008 RDS servers and Windows 7 clients. What alternatives are there so that the Windows 7 workstations only allow users to run the TS client - in other words prevent users from getting access to the local system?
Try setting Group Policy under Computer Configuration | Windows Settings | Security Settings | Local Polices | User Rights Assignment. Set "Deny log on locally" to Domain Users, and "Allow log on through Remote Desktop Services" to Domain Users. You could change the groups to suit your needs. Note that if you set "Deny log on locally" to Domain Users, this will apply to Domain Admins as well, and this setting has priority over "Allow log on locally". Local users should still be able to log on though.
ASKER
Thanks for this. However as far as your note about local users, there should be none - I don't want anybody logging onto the PC to have access to the local system whether they are Domain Users or not. What should happen is that anybody other than the Domain Admin/local admin who turns the computer on will only see an RDP client icon and that's all they will be able to access on the system.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks for the additional inpu. I wouldn't mind some more detailed information from someone who has tried this so I will close this question and post again.
Thanks for the points. Keep in mind that if you need additional input you can also use the Request Attention button.
Best of luck.
Best of luck.