Newbie Question - Lock down client access

  • Thread starter Thread starter DanSim
  • Start date Start date
D

DanSim

Guest
I am looking into using thin clients for internet kiosk's and would like to
know if there is a clear document that tells me how to lock down each users
terminal service session to only one app (IE) with little or no permissions
on the TS file system?

Just to make sure my question is clear here is the scenerio.
There will be multiple thin client computers (Wyse) that will automatically
login to a windows 2008 terminal server. Upon login IE needs to run and open
to a specific web page. No other access to the file system is needed.

Other users will approach the thin client and be prompted to login with
thier AD account. They will login and I would like IE to load and for them
to have no other access to the TS.

I am looking for the answer on how to lock down the users or secure the TS
from the clients so to speak.

Thanks,
Dan
 
Re: Newbie Question - Lock down client access

I could write a book on this. The subject is way to broad to answer here.
I would recommend working with a consultant (me or anyone else) to get you
exactly what you want. I think in your case you definitelyw ant to start
with IE in kiosk mode.

Jeff Pitsch
Microsoft MVP - Terminal Services


"DanSim" <DanSim@discussions.microsoft.com> wrote in message
news:0323EA05-A5AE-473D-9D03-E78C01900813@microsoft.com...
>I am looking into using thin clients for internet kiosk's and would like to
> know if there is a clear document that tells me how to lock down each
> users
> terminal service session to only one app (IE) with little or no
> permissions
> on the TS file system?
>
> Just to make sure my question is clear here is the scenerio.
> There will be multiple thin client computers (Wyse) that will
> automatically
> login to a windows 2008 terminal server. Upon login IE needs to run and
> open
> to a specific web page. No other access to the file system is needed.
>
> Other users will approach the thin client and be prompted to login with
> thier AD account. They will login and I would like IE to load and for
> them
> to have no other access to the TS.
>
> I am looking for the answer on how to lock down the users or secure the TS
> from the clients so to speak.
>
> Thanks,
> Dan
 
Re: Newbie Question - Lock down client access

And Software Restriction Policies on the server, allowing only IE
to be run.

http://www.microsoft.com/windowsserver2003/techinfo/overview/lockdo
wn.mspx
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___

"Jeff Pitsch" <jeff@jeffpitschconsulting.com> wrote on 02 aug 2008
in microsoft.public.windows.terminal_services:

> I could write a book on this. The subject is way to broad to
> answer here. I would recommend working with a consultant (me or
> anyone else) to get you exactly what you want. I think in your
> case you definitelyw ant to start with IE in kiosk mode.
>
> Jeff Pitsch
> Microsoft MVP - Terminal Services
>
>
> "DanSim" <DanSim@discussions.microsoft.com> wrote in message
> news:0323EA05-A5AE-473D-9D03-E78C01900813@microsoft.com...
>>I am looking into using thin clients for internet kiosk's and
>>would like to
>> know if there is a clear document that tells me how to lock
>> down each users
>> terminal service session to only one app (IE) with little or no
>> permissions
>> on the TS file system?
>>
>> Just to make sure my question is clear here is the scenerio.
>> There will be multiple thin client computers (Wyse) that will
>> automatically
>> login to a windows 2008 terminal server. Upon login IE needs
>> to run and open
>> to a specific web page. No other access to the file system is
>> needed.
>>
>> Other users will approach the thin client and be prompted to
>> login with thier AD account. They will login and I would like
>> IE to load and for them
>> to have no other access to the TS.
>>
>> I am looking for the answer on how to lock down the users or
>> secure the TS from the clients so to speak.
>>
>> Thanks,
>> Dan
 
Re: Newbie Question - Lock down client access

And about 20-50 other settings to completely lock down the desktop. Start
menu, desktop itself, control panel, etc etc etc

Jeff Pitsch
Microsoft MVP - Terminal Services


"Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se> wrote in message
news:Xns9AEED21485274veranoesthemutforsse@207.46.248.16...
> And Software Restriction Policies on the server, allowing only IE
> to be run.
>
> http://www.microsoft.com/windowsserver2003/techinfo/overview/lockdo
> wn.mspx
> _________________________________________________________
> Vera Noest
> MCSE, CCEA, Microsoft MVP - Terminal Server
> TS troubleshooting: http://ts.veranoest.net
> ___ please respond in newsgroup, NOT by private email ___
>
> "Jeff Pitsch" <jeff@jeffpitschconsulting.com> wrote on 02 aug 2008
> in microsoft.public.windows.terminal_services:
>
>> I could write a book on this. The subject is way to broad to
>> answer here. I would recommend working with a consultant (me or
>> anyone else) to get you exactly what you want. I think in your
>> case you definitelyw ant to start with IE in kiosk mode.
>>
>> Jeff Pitsch
>> Microsoft MVP - Terminal Services
>>
>>
>> "DanSim" <DanSim@discussions.microsoft.com> wrote in message
>> news:0323EA05-A5AE-473D-9D03-E78C01900813@microsoft.com...
>>>I am looking into using thin clients for internet kiosk's and
>>>would like to
>>> know if there is a clear document that tells me how to lock
>>> down each users
>>> terminal service session to only one app (IE) with little or no
>>> permissions
>>> on the TS file system?
>>>
>>> Just to make sure my question is clear here is the scenerio.
>>> There will be multiple thin client computers (Wyse) that will
>>> automatically
>>> login to a windows 2008 terminal server. Upon login IE needs
>>> to run and open
>>> to a specific web page. No other access to the file system is
>>> needed.
>>>
>>> Other users will approach the thin client and be prompted to
>>> login with thier AD account. They will login and I would like
>>> IE to load and for them
>>> to have no other access to the TS.
>>>
>>> I am looking for the answer on how to lock down the users or
>>> secure the TS from the clients so to speak.
>>>
>>> Thanks,
>>> Dan
 

Similar threads

M
How to hide power cords in 5 seconds with one $24 Amazon find
Replies
0
Views
129
Maren Estrada
M
M
Wondering how to hide power cords? You need this $24 Amazon find
Replies
0
Views
73
Maren Estrada
M
M
$24 Amazon find hides all your ugly power cords and installs in 5 seconds with no tools
Replies
0
Views
82
Maren Estrada
M
C
Best iPhone 13 cases: How to protect your shiny new iPhone
Replies
0
Views
149
Christian de Looper
C
M
Never look at ugly power cords again thanks to this brilliant $24 gadget from Amazon
Replies
0
Views
145
Maren Estrada
M
Back
Top