How to modify user terminal server desktop

We are moving from server 2003 to server 2012R2... also using remote desktop.  Have an issue regarding the remote desktop.

I have found that when a program is installed on the server as administrator, the program the is available to "ALL" users desktops.  We do not want that to happen,  we have a few programs we want to run in remote desktop that are very confidential and for just a limited number of users.   I tried to just delete shortcuts on  user's that did not have a need for these programs however, it deletes for all, even if I log in  as a user with no admin privileges.

I have done some reading, and think there needs to be some group policies set to make things work the way we need it to; however, I am clueless as to how to proceed.

In your answer, you can be as "techie" as you would like because I will be forwarding the  info to my IT guy.  He was the one that initially said we could "probably" use group policies; however, he admits to NOT being a terminal server expert

Thanks in  advance for any and all assistance.
Rick NorrisAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Cliff GaliherCommented:
If the information is truly confidential and you need to ensure isolation, the only real answer is multiple OSes, such as RDS servers or VDI. This has been true for as long as terminal servers have been a thing, pre win2000 with Citrix. That has never really changed. So this isn't new to 2012.

What has changed is that with virtualization, running multiple OSes on higher end hardware is more cost effective than ever, and has opened up other new avenues for maintaining isolated desktops instead of just multiple RDS servers or maintaining multiple desktops and trying to manage client backups. VDI has become very popular in addressing niche needs such as yours.

Either option is good, but which one will depend on other needs, available hardware, and licensing you may already have. Sadly, trying to do it with just one RDS server will not get you what you want though.
0
Rick NorrisAuthor Commented:
Not real sure about your comment....  You mention VDI....  I failed to mention we do have VMWare...  How will this play into  what I am attempting to accomplish????
0
Cliff GaliherCommented:
VMWare, Hyper-V, virtualbox, Xen....all roads to the same place. They play a part in running more OSes on less hardware.
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Rick NorrisAuthor Commented:
ok.... now that you are aware that we have purchased VMWare......  HOW to accomplish what I need to do....  suggestions....???  any articles, links you might be able to provide???

Thanks
0
Cliff GaliherCommented:
This isn't a technical problem, so you won't find articles. This is a planning problem. You need to make a list of applications, a list of groups, and then decide how many RDS or desktops you need to meet your security goals. Since each application is unique, each organization has unique needs (remote access, regulatory compliance, similar), each implementation will end up being unique.

Like building a house. You start with an architect, deciding what features you want, and then with the final blueprints, you implement the solution. Building the RDS/VDI solution will be easy. And when you are at that stage, sure, I can give you articles. But right now you need a blueprint. And that is beyond the scope of what can be done through EE.
0
Rick NorrisAuthor Commented:
Cliff:

Thanks for all the advise so far...  If you would just indulge me this one additional question, I'll award you the points:

IF there are no security concerns, and I ONLY want to have a program available on just ONE Terminal desktop, and  NOT appear on any others (we have a total of 10 users)..... How can that be accomplished???

Thanks,
0
Cliff GaliherCommented:
In theory you could use a logon script to create the shortcuts when a user logs in. And then only have that login script run for certain users (simple group policy, login script, security group filter.)

However that won't prevent the user from finding the program by browsing the drive. If its installed and working, it is findable, so it is by no means secure.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Rick NorrisAuthor Commented:
Cliff:

Thanks for the assistance....  That gets me in  the right direction.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2012

From novice to tech pro — start learning today.