Link to home
Start Free TrialLog in
Avatar of Line One
Line One

asked on

Windows 7 RDS workstation - restrict to RDS only

I am looking for a means of locking down Windows 7 workstations in a 2008 R2 RDS environment so that the only thing users can do is run the RDP client on it. What should happen is that when anybody turns the computer on is that at the end of the boot process they find themselves looking at an RDP client 'enter your login name' prompt. The users should have no access to the local system - only an administrator would be able to access any of the local resources. How would I go about doing this?
SOLUTION
Avatar of yo_bee
yo_bee
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Avatar of yo_bee
yo_bee
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Avatar of yo_bee
yo_bee
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Avatar of Radhakrishnan
Radhakrishnan
Flag of India image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Line One
Line One

ASKER

Thanks for all the tips.

 yo_bee:

Yo write:

"For testing you can also try using RD WEB.
if you have this bat file placed in the start up folder listed above this might give you one more layer of lockdown.

iexplore.exe -k "URL"

example iexplore.exe -k  "https://InternalRDService/RDWEB"

**** Why would this be one extra layer of lockdown?

You might want to remove the ability for standard users from using Ctrl + Alt + Del as well

**** How? Group Policy?

++++
 radhakrishnan2007:
You write:
Better suggestion would be ask the users to log off the machine once they finished as this is a default behavior for some security reasons. If the current user doesn't log off the current session and shutdown the machine, it will act as the machine is locked and will look for the latest authentication and it says locked and only admin privileged users can unlock it.

**** How would I implement this?
ASKER CERTIFIED SOLUTION
Avatar of yo_bee
yo_bee
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Line One
Line One

ASKER

Thanks for the additional info. Let me give it a try and get back to you.
Avatar of Line One
Line One

ASKER

Having trouble freeing up time. I will close and when I get around to this and have any further questions will post then.  Thanks.