[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 601
  • Last Modified:

windows 2008 r2 RDS Server

I recently set up a Windows 2008 Server and set it up for RDS( Remote Desktop Services) I set up the accounts and licensing and the users can log in. I am interested in customizing the experience for the user. Specifically, I want to add applications and restrict areas that can see (ex. blocking their access to C drive, not allowing them to install stuff). How do I do this?
0
zelfanet
Asked:
zelfanet
  • 5
  • 4
1 Solution
 
bedindCommented:
To add applications for remote users, easiest way is to open up control panel and use the wizard 'Install Application on Remote Desktop..."

To restrict user access, firstly make sure they're not local administrators - then the best way would be to use group policy, Assuming you have an active directory structure in place, create a policy that applies to the remote desktop server, and you can modify users access.
0
 
zelfanetAuthor Commented:
Thanks bedind,

Can you explain to me how to create a policy.
0
 
bedindCommented:
if you have active directory, make sure you know which OU the computer is in, might be worth moving it to it's own - then using the 'Group Policy Management' administration tool, create a policy which applies to that OU. Not something that's easily explained, but there's some ueful video's and tutorials around.

If you're not using Active Directory, then you can create a local policy using the snap-in from the Microsoft Management Console. (start -> run -> mmc).

With both of the options, be careful as it's possible to lock out some required functionality - especially with using it locally, it's possible to disable yourself access..

Possibly useful links:
http://support.microsoft.com/kb/256345

http://www.google.com.au/url?sa=t&rct=j&q=&esrc=s&frm=1&source=web&cd=3&cad=rja&ved=0CFUQtwIwAg&url=http%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DoTmDIP01AXY&ei=_LgxUKzUC4e8iAf37YGwBQ&usg=AFQjCNGe8qeGCrFhrqNRMx5bNEAK3Jng4w
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
zelfanetAuthor Commented:
Thanks for the links.

 I went in and created a new ou and put the RDS Server inside of it.  I then opened Group Policy Management and right clicked on the OU. Do I pick 'create a gpo in this domain, and link it here' ?
0
 
bedindCommented:
Yes, that will create a new policy and will apply it to anything in that OU :)
0
 
zelfanetAuthor Commented:
So when I dropped the server into that ou, I was no longer able to remote into it. I moved it back to the other ou and I can then connect to it. I guess there is a policy normally that allows remote access?

It seems like there a ton of options, is there anyway that has done this on a RDS server tha can tell me which things to modify?? Also, under computer I donyt see a policy to blovk access to the C Drive, I see it under users....
0
 
zelfanetAuthor Commented:
To clarify, I want to block access for all users of the RDS Server, I see an item that is under the 'user' section and not that 'computer' section. If I enable that, wont it effect the regular users on the network?
0
 
bedindCommented:
it will only change things that fall under that OU. So if you do it on the root level, yes - every user will be effected. If you do it on the level that only contains the server that you want to restrict access, then users logging into that server will be effected, that's all. Perhaps try it on something safe first, like making small start menu icons or something.. not the end of the world if you get it wrong.
0
 
zelfanetAuthor Commented:
That worked great!

The users see the Administrative tools and Windows Security shortcuts on the start bar, how  can I get rid of that?
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 5
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now