Solved

Windows Server 2008 R2 Standard Permissions

Posted on 2013-10-28
10
315 Views
Last Modified: 2014-01-15
I have a server running Win Server 2008 R2. It is NOT setup on a domain. I need to setup remote desktop rights to this person. They need to access the server through RDP, and be able to open just a couple programs. I am trying to do a few things:

1. Restrict access to Computer Management (and all other admin programs)
2. They need access to a couple programs. They need to be able to open the program, but I don't want them to have access to the files in windows explorer. I don't want them to be able to see and/or copy those files that pertain to the program they need to open.
3. Other than those few programs the need to open, I don't want them to have access to any other program.
4. I don't want them to have access to any folders on the C drive. They will need to be able to open programs, as mentioned in #2, but I don't want them to be able to browse to the files through the C drive.

How would I accomplish this? Thanks!!!
0
Comment
Question by:brasiman
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 3
10 Comments
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 39607387
You need to enable Allow log on through Remote Desktop Services policy locally or add user to Remote Desktop user group.By default Remote Desktop user group is configured in Remote Desktop Services policy.

You can define policy as per requirement to block C drive access see this:http://www.howtogeek.com/howto/8035/

Dont add the user to local admin group by default they cannot edit any system configuration.
0
 

Author Comment

by:brasiman
ID: 39607638
That blocked them from seeing any of the drives, but they can still see Computer Management, which allows them to see all the users, change pw's, etc. They have access to the Remote Desktop Users only. How do I block them from Computer Management and other admin functions?
0
 

Author Comment

by:brasiman
ID: 39607651
That also blocks access to the C drive for everyone, including the Administrator. How do i specify access to just one user, or non-administrators? Then, how to I restrict Computer Management and other admin functions for this one user?
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:brasiman
ID: 39608866
Thanks Sandeshudubey for your suggestion? Any other thoughts about my two replies above?
0
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 39609487
As this policy is machine based it will block all users including admin,alternately you can create group add the non admin users to this group and deny access to local drive to this group.
0
 

Author Comment

by:brasiman
ID: 39609687
I created a group called Non-Admin, assigned this user to the group. How do I restrict access to the C Drive, so they can't browse, but allow them to open some programs installed on the C drive. There are also a few folders on the C drive i want them to have access to.
0
 

Author Comment

by:brasiman
ID: 39609709
At the same time, they can't have access to computer mgmt, etc.
0
 
LVL 24

Accepted Solution

by:
Sandeshdubey earned 500 total points
ID: 39609888
You can refer this to block Computer Management MMC:
http://www.sevenforums.com/tutorials/114739-computer-management-mmc-snap-enable-disable.html

Regarding the permission it will be difficult to exclude the folder if you apply the deny access to drives.
0
 

Author Comment

by:brasiman
ID: 39611753
Ok. So the order of priorities are this:
1. Restrict non-admin users from Computer Management, and other admin functions like that.
2. Restrict access to certain folders on the C Drive,
2a. But in some cases allow programs on the C drive to be run without access to the actual directory.

How would I accomplish #1? I have added these users to a group called Non-Administrators. They is the ONLY group they pertain to. What do I do next?
0
 

Author Closing Comment

by:brasiman
ID: 39784045
This is a tough one. But thanks for the help.
0

Featured Post

What Is Transaction Monitoring and who needs it?

Synthetic Transaction Monitoring that you need for the day to day, which ensures your business website keeps running optimally, and that there is no downtime to impact your customer experience.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article shows the method of using the Resultant Set of Policy Tool to locate Group Policy that applies a particular setting.
A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question