Solved

How to modify user terminal server desktop

Posted on 2014-12-10
8
167 Views
Last Modified: 2014-12-10
We are moving from server 2003 to server 2012R2... also using remote desktop.  Have an issue regarding the remote desktop.

I have found that when a program is installed on the server as administrator, the program the is available to "ALL" users desktops.  We do not want that to happen,  we have a few programs we want to run in remote desktop that are very confidential and for just a limited number of users.   I tried to just delete shortcuts on  user's that did not have a need for these programs however, it deletes for all, even if I log in  as a user with no admin privileges.

I have done some reading, and think there needs to be some group policies set to make things work the way we need it to; however, I am clueless as to how to proceed.

In your answer, you can be as "techie" as you would like because I will be forwarding the  info to my IT guy.  He was the one that initially said we could "probably" use group policies; however, he admits to NOT being a terminal server expert

Thanks in  advance for any and all assistance.
0
Comment
Question by:Rick Norris
  • 4
  • 4
8 Comments
 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 40491983
If the information is truly confidential and you need to ensure isolation, the only real answer is multiple OSes, such as RDS servers or VDI. This has been true for as long as terminal servers have been a thing, pre win2000 with Citrix. That has never really changed. So this isn't new to 2012.

What has changed is that with virtualization, running multiple OSes on higher end hardware is more cost effective than ever, and has opened up other new avenues for maintaining isolated desktops instead of just multiple RDS servers or maintaining multiple desktops and trying to manage client backups. VDI has become very popular in addressing niche needs such as yours.

Either option is good, but which one will depend on other needs, available hardware, and licensing you may already have. Sadly, trying to do it with just one RDS server will not get you what you want though.
0
 

Author Comment

by:Rick Norris
ID: 40492113
Not real sure about your comment....  You mention VDI....  I failed to mention we do have VMWare...  How will this play into  what I am attempting to accomplish????
0
 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 40492136
VMWare, Hyper-V, virtualbox, Xen....all roads to the same place. They play a part in running more OSes on less hardware.
0
 

Author Comment

by:Rick Norris
ID: 40492253
ok.... now that you are aware that we have purchased VMWare......  HOW to accomplish what I need to do....  suggestions....???  any articles, links you might be able to provide???

Thanks
0
Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 40492274
This isn't a technical problem, so you won't find articles. This is a planning problem. You need to make a list of applications, a list of groups, and then decide how many RDS or desktops you need to meet your security goals. Since each application is unique, each organization has unique needs (remote access, regulatory compliance, similar), each implementation will end up being unique.

Like building a house. You start with an architect, deciding what features you want, and then with the final blueprints, you implement the solution. Building the RDS/VDI solution will be easy. And when you are at that stage, sure, I can give you articles. But right now you need a blueprint. And that is beyond the scope of what can be done through EE.
0
 

Author Comment

by:Rick Norris
ID: 40492463
Cliff:

Thanks for all the advise so far...  If you would just indulge me this one additional question, I'll award you the points:

IF there are no security concerns, and I ONLY want to have a program available on just ONE Terminal desktop, and  NOT appear on any others (we have a total of 10 users)..... How can that be accomplished???

Thanks,
0
 
LVL 56

Accepted Solution

by:
Cliff Galiher earned 500 total points
ID: 40492497
In theory you could use a logon script to create the shortcuts when a user logs in. And then only have that login script run for certain users (simple group policy, login script, security group filter.)

However that won't prevent the user from finding the program by browsing the drive. If its installed and working, it is findable, so it is by no means secure.
0
 

Author Closing Comment

by:Rick Norris
ID: 40492543
Cliff:

Thanks for the assistance....  That gets me in  the right direction.
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

Let’s list some of the technologies that enable smooth teleworking. 
A procedure for exporting installed hotfix details of remote computers using powershell
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now