Solved

How to modify user terminal server desktop

Posted on 2014-12-10
8
176 Views
Last Modified: 2014-12-10
We are moving from server 2003 to server 2012R2... also using remote desktop.  Have an issue regarding the remote desktop.

I have found that when a program is installed on the server as administrator, the program the is available to "ALL" users desktops.  We do not want that to happen,  we have a few programs we want to run in remote desktop that are very confidential and for just a limited number of users.   I tried to just delete shortcuts on  user's that did not have a need for these programs however, it deletes for all, even if I log in  as a user with no admin privileges.

I have done some reading, and think there needs to be some group policies set to make things work the way we need it to; however, I am clueless as to how to proceed.

In your answer, you can be as "techie" as you would like because I will be forwarding the  info to my IT guy.  He was the one that initially said we could "probably" use group policies; however, he admits to NOT being a terminal server expert

Thanks in  advance for any and all assistance.
0
Comment
Question by:Rick Norris
  • 4
  • 4
8 Comments
 
LVL 57

Expert Comment

by:Cliff Galiher
ID: 40491983
If the information is truly confidential and you need to ensure isolation, the only real answer is multiple OSes, such as RDS servers or VDI. This has been true for as long as terminal servers have been a thing, pre win2000 with Citrix. That has never really changed. So this isn't new to 2012.

What has changed is that with virtualization, running multiple OSes on higher end hardware is more cost effective than ever, and has opened up other new avenues for maintaining isolated desktops instead of just multiple RDS servers or maintaining multiple desktops and trying to manage client backups. VDI has become very popular in addressing niche needs such as yours.

Either option is good, but which one will depend on other needs, available hardware, and licensing you may already have. Sadly, trying to do it with just one RDS server will not get you what you want though.
0
 

Author Comment

by:Rick Norris
ID: 40492113
Not real sure about your comment....  You mention VDI....  I failed to mention we do have VMWare...  How will this play into  what I am attempting to accomplish????
0
 
LVL 57

Expert Comment

by:Cliff Galiher
ID: 40492136
VMWare, Hyper-V, virtualbox, Xen....all roads to the same place. They play a part in running more OSes on less hardware.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:Rick Norris
ID: 40492253
ok.... now that you are aware that we have purchased VMWare......  HOW to accomplish what I need to do....  suggestions....???  any articles, links you might be able to provide???

Thanks
0
 
LVL 57

Expert Comment

by:Cliff Galiher
ID: 40492274
This isn't a technical problem, so you won't find articles. This is a planning problem. You need to make a list of applications, a list of groups, and then decide how many RDS or desktops you need to meet your security goals. Since each application is unique, each organization has unique needs (remote access, regulatory compliance, similar), each implementation will end up being unique.

Like building a house. You start with an architect, deciding what features you want, and then with the final blueprints, you implement the solution. Building the RDS/VDI solution will be easy. And when you are at that stage, sure, I can give you articles. But right now you need a blueprint. And that is beyond the scope of what can be done through EE.
0
 

Author Comment

by:Rick Norris
ID: 40492463
Cliff:

Thanks for all the advise so far...  If you would just indulge me this one additional question, I'll award you the points:

IF there are no security concerns, and I ONLY want to have a program available on just ONE Terminal desktop, and  NOT appear on any others (we have a total of 10 users)..... How can that be accomplished???

Thanks,
0
 
LVL 57

Accepted Solution

by:
Cliff Galiher earned 500 total points
ID: 40492497
In theory you could use a logon script to create the shortcuts when a user logs in. And then only have that login script run for certain users (simple group policy, login script, security group filter.)

However that won't prevent the user from finding the program by browsing the drive. If its installed and working, it is findable, so it is by no means secure.
0
 

Author Closing Comment

by:Rick Norris
ID: 40492543
Cliff:

Thanks for the assistance....  That gets me in  the right direction.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
In this Micro Tutorial viewers will learn how they can get their files copied out from their unbootable system without need to use recovery services. As an example non-bootable Windows 2012R2 installation is used which has boot problems.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…

837 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question