Restrict remote desktop users from downloading information to their own desktops

I want to setup a stand alone remote desktop server (TS) using server 2008, it won't be attached to the domain and just used to view information.

I don't want users to be able to copy to their clipboard, print, see their drives or if possible print screen, the last one I know may be difficult but I thought I'd throw it in there.

I've tried restricting it through group policy through the server but it's made no difference.
Daniel ForresterDirectorAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

btanExec ConsultantCommented:
Note the below on a user need to be part of 'remote desktop users' group
http://social.technet.microsoft.com/Forums/windowsserver/en-US/ce7ac5b7-f7ee-4126-9107-fda73d8dda0b/remote-desktop-permission-and-group-policy?forum=winserverTS

In RD Session Host Configuration (tsconfig.msc), double-click RDP-Tcp.  On the Security tab, Add your new local group with Allow for User and Guest access.  

Side-note
Use the MMC console and Add/Remove Snap-in to select Group Policy Object Editor. Under that, you have the option to select either Admin or Non-Admin and then make modifications to local group policy. So if you choose Non-Admins, you can (for example) remove unwanted items etc, without modifying my Admin group. Having said that, without being on a Domain or using GP in an Active Directory, it's may be restrictive and challenging.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
CoralonCommented:
If you go into the properties of the RDP listener, you can disable those functions.  The only thing you can't prevent is them using a local print screen capability on their local machine.

Coralon
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.