I have a new server running Windows 2008 R2 with Remote Desktop enabled. This server was setup for a vendor to access through a vpn connection and they have local admin rights on this computer only. My goal is to prevent the remote users from seeing any other system on the domain. What would be the best solution to accomplish this? If its group policy, which policy do I need to enable to lock this system down?