?
Solved

How to modify user terminal server desktop

Posted on 2014-12-10
8
Medium Priority
?
183 Views
Last Modified: 2014-12-10
We are moving from server 2003 to server 2012R2... also using remote desktop.  Have an issue regarding the remote desktop.

I have found that when a program is installed on the server as administrator, the program the is available to "ALL" users desktops.  We do not want that to happen,  we have a few programs we want to run in remote desktop that are very confidential and for just a limited number of users.   I tried to just delete shortcuts on  user's that did not have a need for these programs however, it deletes for all, even if I log in  as a user with no admin privileges.

I have done some reading, and think there needs to be some group policies set to make things work the way we need it to; however, I am clueless as to how to proceed.

In your answer, you can be as "techie" as you would like because I will be forwarding the  info to my IT guy.  He was the one that initially said we could "probably" use group policies; however, he admits to NOT being a terminal server expert

Thanks in  advance for any and all assistance.
0
Comment
Question by:Rick Norris
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
8 Comments
 
LVL 59

Expert Comment

by:Cliff Galiher
ID: 40491983
If the information is truly confidential and you need to ensure isolation, the only real answer is multiple OSes, such as RDS servers or VDI. This has been true for as long as terminal servers have been a thing, pre win2000 with Citrix. That has never really changed. So this isn't new to 2012.

What has changed is that with virtualization, running multiple OSes on higher end hardware is more cost effective than ever, and has opened up other new avenues for maintaining isolated desktops instead of just multiple RDS servers or maintaining multiple desktops and trying to manage client backups. VDI has become very popular in addressing niche needs such as yours.

Either option is good, but which one will depend on other needs, available hardware, and licensing you may already have. Sadly, trying to do it with just one RDS server will not get you what you want though.
0
 

Author Comment

by:Rick Norris
ID: 40492113
Not real sure about your comment....  You mention VDI....  I failed to mention we do have VMWare...  How will this play into  what I am attempting to accomplish????
0
 
LVL 59

Expert Comment

by:Cliff Galiher
ID: 40492136
VMWare, Hyper-V, virtualbox, Xen....all roads to the same place. They play a part in running more OSes on less hardware.
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 

Author Comment

by:Rick Norris
ID: 40492253
ok.... now that you are aware that we have purchased VMWare......  HOW to accomplish what I need to do....  suggestions....???  any articles, links you might be able to provide???

Thanks
0
 
LVL 59

Expert Comment

by:Cliff Galiher
ID: 40492274
This isn't a technical problem, so you won't find articles. This is a planning problem. You need to make a list of applications, a list of groups, and then decide how many RDS or desktops you need to meet your security goals. Since each application is unique, each organization has unique needs (remote access, regulatory compliance, similar), each implementation will end up being unique.

Like building a house. You start with an architect, deciding what features you want, and then with the final blueprints, you implement the solution. Building the RDS/VDI solution will be easy. And when you are at that stage, sure, I can give you articles. But right now you need a blueprint. And that is beyond the scope of what can be done through EE.
0
 

Author Comment

by:Rick Norris
ID: 40492463
Cliff:

Thanks for all the advise so far...  If you would just indulge me this one additional question, I'll award you the points:

IF there are no security concerns, and I ONLY want to have a program available on just ONE Terminal desktop, and  NOT appear on any others (we have a total of 10 users)..... How can that be accomplished???

Thanks,
0
 
LVL 59

Accepted Solution

by:
Cliff Galiher earned 2000 total points
ID: 40492497
In theory you could use a logon script to create the shortcuts when a user logs in. And then only have that login script run for certain users (simple group policy, login script, security group filter.)

However that won't prevent the user from finding the program by browsing the drive. If its installed and working, it is findable, so it is by no means secure.
0
 

Author Closing Comment

by:Rick Norris
ID: 40492543
Cliff:

Thanks for the assistance....  That gets me in  the right direction.
0

Featured Post

Learn how to optimize MySQL for your business need

With the increasing importance of apps & networks in both business & personal interconnections, perfor. has become one of the key metrics of successful communication. This ebook is a hands-on business-case-driven guide to understanding MySQL query parameter tuning & database perf

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Originally, this post was published on Monitis Blog, you can check it here . It goes without saying that technology has transformed society and the very nature of how we live, work, and communicate in ways that would’ve been incomprehensible 5 ye…
This article is in regards to the Cisco QSFP-4SFP10G-CU1M cables, which are designed to uplink/downlink 40GB ports to 10GB SFP ports. I recently experienced this and found very little configuration documentation on how these are supposed to be confi…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question