nunyadamnbidness
asked on
Terminal Services Manager
So, I have a 2008 R2 terminal server. It is also a domain controller. There are about 40 users connecting to it. 36 of them are lower level users and 4 of them are senior management. I have a user that will be assisting with supporting the 4 senior management users via terminal service manager or RD session manager as it is called in 2008. Here's the catch, when they open terminal services manager, that user can see ALL of the users connected to the server and can send them messages or shadow them etc... I do not want this user to SEE any of the users in the lower level OU, just the users in the senior management OU. There are various reasons for this that I won't get into and I know that I can set permissions on whether you need to require permissions to shadow another user, but what I need is a way to hide the lower level users from this support person and only allow him to see the sessions of the users in that specific OU. Any ideas???
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Does anyone know of a way to accomplish this, such as VNC or other. The main problem I see is remoting from the server to another session on the same terminal server. Any Ideas???
Nope, sorry, I don't know of any such application, which is why I suggested to create your own; this requirement is probably a bit too specific. With Citrix, you can specify which users are allowed to shadow which users, but the rest of the session control (view, logoff, ...) can only be delegated for all sessions in the farm as well, not depending on the targeted users.
What exactly is it that you want the supporting users (to be able) to actually do? So far, you've only said what you don't want them to do.
What exactly is it that you want the supporting users (to be able) to actually do? So far, you've only said what you don't want them to do.
ASKER
Thanks I want them to be able to shadow other users for desktop support, but only users within the certain OU and not another OU.
ASKER