Solved

Windows Server 2008 R2 Standard Permissions

Posted on 2013-10-28
Last Modified: 2014-01-15
I have a server running Win Server 2008 R2. It is NOT set up on a domain. I need to set up remote desktop rights for this person. They need to access the server through RDP, and be able to open just a couple programs. I am trying to do a few things:

1. Restrict access to Computer Management (and all other admin programs)
2. They need access to a couple programs. They need to be able to open the program, but I don't want them to have access to the files in Windows Explorer. I don't want them to be able to see and/or copy those files that pertain to the program they need to open.
3. Other than those few programs they need to open, I don't want them to have access to any other program.
4. I don't want them to have access to any folders on the C drive. They will need to be able to open programs, as mentioned in #2, but I don't want them to be able to browse to the files through the C drive.

How would I accomplish this? Thanks!!!
0
Question by:brasiman
10 Comments
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 39607387
You need to enable the Allow log on through Remote Desktop Services policy locally or add the user to the Remote Desktop user group. By default, the Remote Desktop user group is configured in the Remote Desktop Services policy.

You can define a policy as per requirement to block C drive access; see this: http://www.howtogeek.com/howto/8035/

Don't add the user to the local admin group; by default they cannot edit any system configuration.
0
 

Author Comment

by:brasiman
ID: 39607638
That blocked them from seeing any of the drives, but they can still see Computer Management, which allows them to see all the users, change pw's, etc. They have access to the Remote Desktop Users only. How do I block them from Computer Management and other admin functions?
0
 

Author Comment

by:brasiman
ID: 39607651
That also blocks access to the C drive for everyone, including the Administrator. How do I specify access to just one user, or non-administrators? Then, how do I restrict Computer Management and other admin functions for this one user?
0

 

Author Comment

by:brasiman
ID: 39608866
Thanks Sandeshdubey for your suggestion. Any other thoughts about my two replies above?
0
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 39609487
As this policy is machine-based, it will block all users including admin. Alternatively, you can create a group, add the non-admin users to this group, and deny access to the local drive to this group.
0
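The group setup described in the answers above, followed by a check that the account has no other local group memberships. This is an added example, not code posted by anyone in the thread; the account name `rdpuser`, the group name `Non-Admin` and the helper `Get-LocalGroupsForUser` are assumptions.

```powershell
# Added example; $User and $Group are assumed names, not values taken from the thread.
$User     = 'rdpuser'                        # hypothetical local account
$Group    = 'Non-Admin'                      # hypothetical restricted group
$Expected = @($Group, 'Remote Desktop Users')

# Create the group, then add the account to it and to Remote Desktop Users.
# net.exe reports an error if the group or the membership already exists.
& net.exe localgroup $Group /add
& net.exe localgroup $Group $User /add
& net.exe localgroup 'Remote Desktop Users' $User /add

# Return every local group that directly contains the account, using the
# ADSI WinNT provider (available in the PowerShell 2.0 of Server 2008 R2).
function Get-LocalGroupsForUser([string]$Name) {
    $computer = [ADSI]"WinNT://$env:COMPUTERNAME,computer"
    foreach ($g in $computer.psbase.Children) {
        if ($g.psbase.SchemaClassName -ne 'group') { continue }
        $members = @($g.psbase.Invoke('Members')) | ForEach-Object {
            $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
        }
        if ($members -contains $Name) { [string]$g.psbase.Properties['Name'].Value }
    }
}

$actual = @(Get-LocalGroupsForUser $User)
$extra  = @($actual | Where-Object { $Expected -notcontains $_ })

"Groups for ${User}: " + ($actual -join ', ')
if ($actual -contains 'Administrators') {
    Write-Warning "$User is a local administrator and can edit system configuration."
}
if ($extra.Count -gt 0) {
    Write-Warning ("Unexpected memberships: " + ($extra -join ', '))
}
```

Run it from an elevated PowerShell prompt on the server; the membership check covers direct members of local groups only, which matches a standalone (non-domain) machine.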
 

Author Comment

by:brasiman
ID: 39609687
I created a group called Non-Admin, assigned this user to the group. How do I restrict access to the C Drive, so they can't browse, but allow them to open some programs installed on the C drive? There are also a few folders on the C drive I want them to have access to.
0
 

Author Comment

by:brasiman
ID: 39609709
At the same time, they can't have access to computer mgmt, etc.
0
 
LVL 24

Accepted Solution

by:
Sandeshdubey earned 500 total points
ID: 39609888
You can refer to this to block Computer Management MMC:
http://www.sevenforums.com/tutorials/114739-computer-management-mmc-snap-enable-disable.html

Regarding the permission, it will be difficult to exclude the folder if you apply the deny access to drives.
0
 

Author Comment

by:brasiman
ID: 39611753
Ok. So the order of priorities is this:
1. Restrict non-admin users from Computer Management, and other admin functions like that.
2. Restrict access to certain folders on the C Drive,
2a. But in some cases allow programs on the C drive to be run without access to the actual directory.

How would I accomplish #1? I have added these users to a group called Non-Administrators. That is the ONLY group they pertain to. What do I do next?
0
 

Author Closing Comment

by:brasiman
ID: 39784045
This is a tough one. But thanks for the help.
0
