yagigain
asked on
RDP Lock down to one application
Hi,
I am wanting to give an user access to one application on a system over WAN. I was planning on setting up RDP access for that purpose, but need to restrict access to just one application and its associated files, and prevent the users from being able to access all other files or applications.
What would be the best way to go about that ?
Doing it using User permissions / groups seems like a really messy way to do it as even a user only assigned only with Remote Desktop Users can still access all of the applications and much of the files. The other option would be to setup another TS 'server' computer with just the required client software on it and run it as a client to the server, but would be more convenient if I could just have him log into the server and restrict him to one application on the actual server as it saves the hassle of needed another machine / client to update etc.
Also the server is space limited so setting up some kind of virtual machine on the server isn't' really an option.
thx.
I am wanting to give an user access to one application on a system over WAN. I was planning on setting up RDP access for that purpose, but need to restrict access to just one application and its associated files, and prevent the users from being able to access all other files or applications.
What would be the best way to go about that ?
Doing it using User permissions / groups seems like a really messy way to do it as even a user only assigned only with Remote Desktop Users can still access all of the applications and much of the files. The other option would be to setup another TS 'server' computer with just the required client software on it and run it as a client to the server, but would be more convenient if I could just have him log into the server and restrict him to one application on the actual server as it saves the hassle of needed another machine / client to update etc.
Also the server is space limited so setting up some kind of virtual machine on the server isn't' really an option.
thx.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Well the server is already used by about 30 RDP users. We wanted to allow access to one application to another medical organization. I'll look into GPEdit, but thinking be safest to just setup an old box as a TS server for this particular purpose.
30 RDP users? Is this a terminal server(RDS Server)? Or do they just login to the server at different times? (Servers can only have 2 admin accounts logged in at the same time.)
ASKER
Yeah licensed RDP (TS) server, all logged on at once (or most of them). We just want to setup a really locked down account for one particular user / organisation to use.
OK, now we're getting somewhere. What version is the TS server, win 2000, 2003, 2008 ,2011 , 2012?
ASKER
2008 R2
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Yeah remote app is interesting, but I'm not prepared to experiment with it on this application, which is SQL driven and has lots of different .exe's and also mission critical. I think I'm going to just setup a physical box and install software as a client and allow a TS connection on it.
Thanks all for the input and helping me clarify my options.
Thanks all for the input and helping me clarify my options.
Best you could do, would be to create an account that could login (Non-Admin) to the server, then go in to GPEdit & lock down that users desktop, start menu, command line access, etc.