Remove Desktop from Open/Save dialogs

  • Thread starter Thread starter DLecool
  • Start date Start date
D

DLecool

Guest
Terminal Server 2k3 is running in application mode, i.e. an application is
launched upon logon and user has no access to desktop. Server drives are
hidden via GPO, however when the user tries to save or open files he can
still store files on the Desktop. Can that be removed so the only place a
user can save/load files from are his mapped drives i.e. his machine and
nowhere else?

Thanks!
 
Re: Remove Desktop from Open/Save dialogs

Hiding drives is only a cosmetic feature, not a security feature. And
as you have noticed, your users will still be able to get to the
desktop and the local file system in many ways, the "Open file..." or
"Save file..." dialog box in many applications is just one method.
If you want to limit where users can save files, you should use NTFS
permissions.
In your case, you could use a GPO with Folder redirection and define
a customized desktop for all users. You can make this customized
Desktop folder ReadOnly.
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___

=?Utf-8?B?RExlY29vbA==?= <DLecool@discussions.microsoft.com> wrote
on 14 sep 2007 in microsoft.public.windows.terminal_services:

> Terminal Server 2k3 is running in application mode, i.e. an
> application is launched upon logon and user has no access to
> desktop. Server drives are hidden via GPO, however when the user
> tries to save or open files he can still store files on the
> Desktop. Can that be removed so the only place a user can
> save/load files from are his mapped drives i.e. his machine and
> nowhere else?
>
> Thanks!
 
Re: Remove Desktop from Open/Save dialogs

Thanks! I did just that and it worked beautifully.

"Vera Noest [MVP]" wrote:

> Hiding drives is only a cosmetic feature, not a security feature. And
> as you have noticed, your users will still be able to get to the
> desktop and the local file system in many ways, the "Open file..." or
> "Save file..." dialog box in many applications is just one method.
> If you want to limit where users can save files, you should use NTFS
> permissions.
> In your case, you could use a GPO with Folder redirection and define
> a customized desktop for all users. You can make this customized
> Desktop folder ReadOnly.
> _________________________________________________________
> Vera Noest
> MCSE, CCEA, Microsoft MVP - Terminal Server
> TS troubleshooting: http://ts.veranoest.net
> ___ please respond in newsgroup, NOT by private email ___
>
> =?Utf-8?B?RExlY29vbA==?= <DLecool@discussions.microsoft.com> wrote
> on 14 sep 2007 in microsoft.public.windows.terminal_services:
>
> > Terminal Server 2k3 is running in application mode, i.e. an
> > application is launched upon logon and user has no access to
> > desktop. Server drives are hidden via GPO, however when the user
> > tries to save or open files he can still store files on the
> > Desktop. Can that be removed so the only place a user can
> > save/load files from are his mapped drives i.e. his machine and
> > nowhere else?
> >
> > Thanks!
>
 
Re: Remove Desktop from Open/Save dialogs

You're welcome. I'm glad that your problem is solved, and thanks
for reporting the results back here!
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___

=?Utf-8?B?RExlY29vbA==?= <DLecool@discussions.microsoft.com> wrote
on 14 sep 2007 in microsoft.public.windows.terminal_services:

> Thanks! I did just that and it worked beautifully.
>
> "Vera Noest [MVP]" wrote:
>
>> Hiding drives is only a cosmetic feature, not a security
>> feature. And as you have noticed, your users will still be able
>> to get to the desktop and the local file system in many ways,
>> the "Open file..." or "Save file..." dialog box in many
>> applications is just one method. If you want to limit where
>> users can save files, you should use NTFS permissions.
>> In your case, you could use a GPO with Folder redirection and
>> define a customized desktop for all users. You can make this
>> customized Desktop folder ReadOnly.
>> _________________________________________________________
>> Vera Noest
>> MCSE, CCEA, Microsoft MVP - Terminal Server
>> TS troubleshooting: http://ts.veranoest.net
>> ___ please respond in newsgroup, NOT by private email ___
>>
>> =?Utf-8?B?RExlY29vbA==?= <DLecool@discussions.microsoft.com>
>> wrote on 14 sep 2007 in
>> microsoft.public.windows.terminal_services:
>>
>> > Terminal Server 2k3 is running in application mode, i.e. an
>> > application is launched upon logon and user has no access to
>> > desktop. Server drives are hidden via GPO, however when the
>> > user tries to save or open files he can still store files on
>> > the Desktop. Can that be removed so the only place a user can
>> > save/load files from are his mapped drives i.e. his machine
>> > and nowhere else?
>> >
>> > Thanks!
 

Similar threads

M
Edit Word Document at client side and update back to server side application
Replies
0
Views
130
M Azeem Ahmad
M
B
Windows 10 Windows 10 - Roaming profile operates without logging errors, but fails to synchronize files
Replies
0
Views
244
BBS-MW
B
R
Windows 10 1903 Office 365 Save As Function Issue
Replies
0
Views
108
Renegade34_G
R
J
Information about SAntivirus (aka Segurazo Antivirus) virus
Replies
0
Views
119
Joe13 B-) 2.0
J
V
Windows 10 Windows 1903 folder redirection issue
Replies
0
Views
121
Vincent Paquette
V
Back
Top