Restrict remote desktop users from downloading information to their own desktops

Posted on 2013-10-03
Medium Priority
Last Modified: 2013-10-10
I want to setup a stand alone remote desktop server (TS) using server 2008, it won't be attached to the domain and just used to view information.

I don't want users to be able to copy to their clipboard, print, see their drives or if possible print screen, the last one I know may be difficult but I thought I'd throw it in there.

I've tried restricting it through group policy through the server but it's made no difference.
Question by:Daniel Forrester
LVL 66

Accepted Solution

btan earned 2000 total points
ID: 39546239
Note the below on a user need to be part of 'remote desktop users' group

In RD Session Host Configuration (tsconfig.msc), double-click RDP-Tcp.  On the Security tab, Add your new local group with Allow for User and Guest access.  

Use the MMC console and Add/Remove Snap-in to select Group Policy Object Editor. Under that, you have the option to select either Admin or Non-Admin and then make modifications to local group policy. So if you choose Non-Admins, you can (for example) remove unwanted items etc, without modifying my Admin group. Having said that, without being on a Domain or using GP in an Active Directory, it's may be restrictive and challenging.
LVL 25

Expert Comment

ID: 39548483
If you go into the properties of the RDP listener, you can disable those functions.  The only thing you can't prevent is them using a local print screen capability on their local machine.


Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
I’m willing to make a bet that your organization stores sensitive data in your Windows File Servers; files and folders that you really don’t want making it into the wrong hands.
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…

597 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question