Re: Terminal Server Client Access - Full Desktop with single application access
Using a custom redirected desktop is only part of your solution.
You will also need a redirected custom start menu, with a start
menu which only contains the applications of your choice, you'll
need to empty the Default User Start menu on the server, and use a
number of other lockdown policy settings, like the ability to
right-click, case-sensitive menus, hide drives, etc, etc.
You will still not be able to get everything that you want, but I
assume that the important thing is that you make it impossible for
the users to do anything potentially harmfull to the server.
The best way to reach that goal is using NTFS permissions and
Software restriction policies. Users will still be able to *see*
some options, but will get an "This feature has been disabled"
error when they try to use them.
Here's some reading:
Locking Down Windows Server 2003 Terminal Server Sessions
http://www.microsoft.com/windowsserver2003/techinfo/overview/lockdo
wn.mspx
Using Software Restriction Policies to Protect Against Unauthorized
Software
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/rstr
plcy.mspx
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting:
http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
"benxxv via WinServerKB.com" <u30064@uwe> wrote on 23 nov 2007 in
microsoft.public.windows.terminal_services:
> Dear Vera,
>
> Thankyou, I implemented the GPO, but my intended purpose is not
> achieved.
>
> I require to provide the RDP user with the following.
>
> 01. Full Desktop
> 02. Desktop Icon with my application
> 03. No Tasks visible running in the task tray
> 04. When the user clicks on Start - All Programs - Nothing to be
> visible 05. No Windows Explorer access - so that, they cannot
> browse the server harddisk or anything on the server
>
> With the GPO settings you provided, user can goto Start - All
> Programs and can see all the softwares installed on the terminal
> server and able to run the application.
>
> I just want, a lockeddown desktop with my application desktop
> icon access only.
>
> May be my requirement is strange, but is this possible to
> implement in Terminal Server or do I need to go for Citrix?
>
> Regards.
>
> Vera Noest [MVP] wrote:
>>Use a Group Policy with Folder redirection, redirect them to a
>>custom Desktop folder and put a shortcut to your application in
>>the custom desktop folder. Make the folder Read-Only with NTFS
>>permissions.
>>
>>User Configuration - Windows Settings - Folder Redirection
>>Desktop
>>
>>and since this is a user setting, you'll also need to use
>>loopback processing of the GPO:
>>
>>Computer Configuration - Administrative Templates - System -
>>Group Policy
>>"User Group Policy loopback processing mode" - "Replace"
>>_________________________________________________________
>>Vera Noest
>>MCSE, CCEA, Microsoft MVP - Terminal Server
>>TS troubleshooting: http://ts.veranoest.net
>>___ please respond in newsgroup, NOT by private email ___
>>
>>"benxxv via WinServerKB.com" <u30064@uwe> wrote on 22 nov 2007
>>in microsoft.public.windows.terminal_services:
>>
>>> Hi,
>>>
>>[quoted text clipped - 10 lines]
>>>
>>> Regards,