Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Windows Server 2008 R2 Standard Permissions

Posted on 2013-10-28
10
Medium Priority
?
318 Views
Last Modified: 2014-01-15
I have a server running Win Server 2008 R2. It is NOT setup on a domain. I need to setup remote desktop rights to this person. They need to access the server through RDP, and be able to open just a couple programs. I am trying to do a few things:

1. Restrict access to Computer Management (and all other admin programs)
2. They need access to a couple programs. They need to be able to open the program, but I don't want them to have access to the files in windows explorer. I don't want them to be able to see and/or copy those files that pertain to the program they need to open.
3. Other than those few programs the need to open, I don't want them to have access to any other program.
4. I don't want them to have access to any folders on the C drive. They will need to be able to open programs, as mentioned in #2, but I don't want them to be able to browse to the files through the C drive.

How would I accomplish this? Thanks!!!
0
Comment
Question by:brasiman
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 3
10 Comments
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 39607387
You need to enable Allow log on through Remote Desktop Services policy locally or add user to Remote Desktop user group.By default Remote Desktop user group is configured in Remote Desktop Services policy.

You can define policy as per requirement to block C drive access see this:http://www.howtogeek.com/howto/8035/

Dont add the user to local admin group by default they cannot edit any system configuration.
0
 

Author Comment

by:brasiman
ID: 39607638
That blocked them from seeing any of the drives, but they can still see Computer Management, which allows them to see all the users, change pw's, etc. They have access to the Remote Desktop Users only. How do I block them from Computer Management and other admin functions?
0
 

Author Comment

by:brasiman
ID: 39607651
That also blocks access to the C drive for everyone, including the Administrator. How do i specify access to just one user, or non-administrators? Then, how to I restrict Computer Management and other admin functions for this one user?
0
Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

 

Author Comment

by:brasiman
ID: 39608866
Thanks Sandeshudubey for your suggestion? Any other thoughts about my two replies above?
0
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 39609487
As this policy is machine based it will block all users including admin,alternately you can create group add the non admin users to this group and deny access to local drive to this group.
0
 

Author Comment

by:brasiman
ID: 39609687
I created a group called Non-Admin, assigned this user to the group. How do I restrict access to the C Drive, so they can't browse, but allow them to open some programs installed on the C drive. There are also a few folders on the C drive i want them to have access to.
0
 

Author Comment

by:brasiman
ID: 39609709
At the same time, they can't have access to computer mgmt, etc.
0
 
LVL 24

Accepted Solution

by:
Sandeshdubey earned 1500 total points
ID: 39609888
You can refer this to block Computer Management MMC:
http://www.sevenforums.com/tutorials/114739-computer-management-mmc-snap-enable-disable.html

Regarding the permission it will be difficult to exclude the folder if you apply the deny access to drives.
0
 

Author Comment

by:brasiman
ID: 39611753
Ok. So the order of priorities are this:
1. Restrict non-admin users from Computer Management, and other admin functions like that.
2. Restrict access to certain folders on the C Drive,
2a. But in some cases allow programs on the C drive to be run without access to the actual directory.

How would I accomplish #1? I have added these users to a group called Non-Administrators. They is the ONLY group they pertain to. What do I do next?
0
 

Author Closing Comment

by:brasiman
ID: 39784045
This is a tough one. But thanks for the help.
0

Featured Post

Enroll in October's Free Course of the Month

Do you work with and analyze data? Enroll in October's Course of the Month for 7+ hours of SQL training, allowing you to quickly and efficiently store or retrieve data. It's free for Premium Members, Team Accounts, and Qualified Experts!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question