Solved

How to modify user terminal server desktop

Posted on 2014-12-10
8
178 Views
Last Modified: 2014-12-10
We are moving from server 2003 to server 2012R2... also using remote desktop.  Have an issue regarding the remote desktop.

I have found that when a program is installed on the server as administrator, the program the is available to "ALL" users desktops.  We do not want that to happen,  we have a few programs we want to run in remote desktop that are very confidential and for just a limited number of users.   I tried to just delete shortcuts on  user's that did not have a need for these programs however, it deletes for all, even if I log in  as a user with no admin privileges.

I have done some reading, and think there needs to be some group policies set to make things work the way we need it to; however, I am clueless as to how to proceed.

In your answer, you can be as "techie" as you would like because I will be forwarding the  info to my IT guy.  He was the one that initially said we could "probably" use group policies; however, he admits to NOT being a terminal server expert

Thanks in  advance for any and all assistance.
0
Comment
Question by:Rick Norris
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
8 Comments
 
LVL 58

Expert Comment

by:Cliff Galiher
ID: 40491983
If the information is truly confidential and you need to ensure isolation, the only real answer is multiple OSes, such as RDS servers or VDI. This has been true for as long as terminal servers have been a thing, pre win2000 with Citrix. That has never really changed. So this isn't new to 2012.

What has changed is that with virtualization, running multiple OSes on higher end hardware is more cost effective than ever, and has opened up other new avenues for maintaining isolated desktops instead of just multiple RDS servers or maintaining multiple desktops and trying to manage client backups. VDI has become very popular in addressing niche needs such as yours.

Either option is good, but which one will depend on other needs, available hardware, and licensing you may already have. Sadly, trying to do it with just one RDS server will not get you what you want though.
0
 

Author Comment

by:Rick Norris
ID: 40492113
Not real sure about your comment....  You mention VDI....  I failed to mention we do have VMWare...  How will this play into  what I am attempting to accomplish????
0
 
LVL 58

Expert Comment

by:Cliff Galiher
ID: 40492136
VMWare, Hyper-V, virtualbox, Xen....all roads to the same place. They play a part in running more OSes on less hardware.
0
Simple, centralized multimedia control

Watch and learn to see how ATEN provided an easy and effective way for three jointly-owned pubs to control the 60 televisions located across their three venues utilizing the ATEN Control System, Modular Matrix Switch and HDBaseT extenders.

 

Author Comment

by:Rick Norris
ID: 40492253
ok.... now that you are aware that we have purchased VMWare......  HOW to accomplish what I need to do....  suggestions....???  any articles, links you might be able to provide???

Thanks
0
 
LVL 58

Expert Comment

by:Cliff Galiher
ID: 40492274
This isn't a technical problem, so you won't find articles. This is a planning problem. You need to make a list of applications, a list of groups, and then decide how many RDS or desktops you need to meet your security goals. Since each application is unique, each organization has unique needs (remote access, regulatory compliance, similar), each implementation will end up being unique.

Like building a house. You start with an architect, deciding what features you want, and then with the final blueprints, you implement the solution. Building the RDS/VDI solution will be easy. And when you are at that stage, sure, I can give you articles. But right now you need a blueprint. And that is beyond the scope of what can be done through EE.
0
 

Author Comment

by:Rick Norris
ID: 40492463
Cliff:

Thanks for all the advise so far...  If you would just indulge me this one additional question, I'll award you the points:

IF there are no security concerns, and I ONLY want to have a program available on just ONE Terminal desktop, and  NOT appear on any others (we have a total of 10 users)..... How can that be accomplished???

Thanks,
0
 
LVL 58

Accepted Solution

by:
Cliff Galiher earned 500 total points
ID: 40492497
In theory you could use a logon script to create the shortcuts when a user logs in. And then only have that login script run for certain users (simple group policy, login script, security group filter.)

However that won't prevent the user from finding the program by browsing the drive. If its installed and working, it is findable, so it is by no means secure.
0
 

Author Closing Comment

by:Rick Norris
ID: 40492543
Cliff:

Thanks for the assistance....  That gets me in  the right direction.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
SCCM, SCOM or Something Else 6 60
Server 2012 L2TP VPN Windows client to server 10 35
In Which situation we need to add static routes 10 45
Folder Redirection GPO 8 51
PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
In this Micro Tutorial viewers will learn how they can get their files copied out from their unbootable system without need to use recovery services. As an example non-bootable Windows 2012R2 installation is used which has boot problems.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question