Server 2012 RD session

I've got a server running Server 2012 R2 with RD Session Host on a Domain Controller installed.
When the clients remote connect to the server (RDP) I would like to block their access to certain folders or if not possible block access to local drives on the server.
All resources must be available when the administrator remote connect to the server.
mmsoftwareAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Manikandan NarayanswamySecurity Specialist & IBM Security GuardiumCommented:
Hi,

Here is the below settings however first while defining this policy i would recommend create a new policy. And in the security filtering remove the authenticated users and add the Remote Desktop users group then edit the policy and specify the drives which you don't want to allow

Hiding/Preventing Access to Drives

You can use Group Policy settings to hide and restrict access to drives on the RD Session Host server. By enabling these settings you can ensure that users do not inadvertently access data stored on other drives, or delete or damage programs or other critical system files on drive C.

The following settings are located in the Group Policy Management Console under User Configuration\Policies\Administrative Templates\Windows Components\Windows Explorer:

Hide these specified drives in My Computer. You can remove the icons for specified drives from a user’s My Computer folder by enabling this setting and using the drop-down list to select the drives you would like to hide. However, this setting does not restrict access to these drives.
Prevent access to drives from My Computer. Enable this setting to prevent users from accessing the chosen combination of drives. Use this setting to lock down the RD Session Host server for users accessing it for their primary desktop.
Applies to:

Windows Server 2008 R2
Windows Server 2008
Windows Server 2003

Thanks
Manikandan

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
mmsoftwareAuthor Commented:
Thank you for your quick response. Does this apply to server 2012 R2 also.
Manikandan NarayanswamySecurity Specialist & IBM Security GuardiumCommented:
Hi,

Yes it applies to that too.

Thanks
Manikandan
mmsoftwareAuthor Commented:
Manikandan

I'll test the solution this evening and post my progress.

Thanks
Simon
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Remote Access

From novice to tech pro — start learning today.