Re: Restricting access on TS 2000
From: Patrick Rouse [MVP] (anonymous_at_discussions.microsoft.com)
Date: 02/07/04
- Next message: Rich Raffenetti: "Limit to one session, console or remote?"
- Previous message: Vera Noest [MVP]: "Re: TS is NOT installed but remote admin no longer works!"
- In reply to: Gregg Hill: "Re: Restricting access on TS 2000"
- Next in thread: Gregg Hill: "Re: Restricting access on TS 2000"
- Reply: Gregg Hill: "Re: Restricting access on TS 2000"
- Messages sorted by: [ date ] [ thread ]
Date: Sat, 7 Feb 2004 08:25:26 -0800
Start -> Run -> gpedit.msc
https://s.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windowsserver2003/maintain/security/TrmLckD.asp
NTFS Permissions:
C:\ - System & Administrators (Full), Authenticated Users (Read & Execute)
C:\Program Files - System & Administrators (Full), Authenticated Users (Read & Execute)
I also restrict access (remove authenticated users from
the ACL, leave only system & administrators) to any CPL
File that the user has no business playing with, all MSC
Files, hordes of exe files in the System32 Directory, i.e.
arp, at, attrib, bootcfg, cacls, chkntfs, cipher, convert,
cleanmgr, defrag, diskpart, eventvwr, finger, ftp,
hostname, ipconfig, mnmsrvc, mobsync, mstsc, nbtstat,
netstat, netsh, nslookup, ntbackup, pathping, ping,
progman, reg, regedt32, regsrv32, route, secedit, syncapp,
telnet, tracert, utilman, winchat, regedit (in windows
directory)
In conjunction with Group Policy these keep users out of
things they shouldn't be using, either on purpose or by
accident. I find allowing users to create any local
directories outside of their user profile to be a BAD Idea.
Patrick Rouse
Microsoft MVP - Terminal Server
www.workthin.com
>-----Original Message-----
>Patrick,
>
>Thanks for the response. I'll look into how to do it.
>
>Gregg Hill
>
>
>"Patrick Rouse [MVP]" <anonymous@discussions.microsoft.com> wrote in message
>news:c3bb01c3ed1d$dd1a03d0$a601280a@phx.gbl...
>> You can still restrict with the local security policy and
>> NTFS Permissions and set this program as the session shell
>> (Start the following program on connection) in the user's
>> account.
>>
>> Patrick Rouse
>> Microsoft MVP - Terminal Server
>> www.workthin.com
>> >-----Original Message-----
>> >Hello!
>> >
>> >Can a Win2000 Terminal Server restrict items such as the run command,
>> >desktop changes, etc., with it being only a member server in an NT4 domain?
>> >Or do I need a Win2000/2003 AD controller set up to limit user access? I
>> >want to give TS users access to only one application, no drives, no Internet
>> >from the TS, no changes to the system.
>> >
>> >Thank you for your help!
>> >
>> >Gregg Hill
>> >
>> >
>> >.
>> >
>
>
>.
>
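A read-only way to check the executable ACLs described in the message above, as an added example that is not part of the original thread. It assumes a system with PowerShell 3.0 or later (which Windows 2000 does not have); the function name, the SID allow-list and the output layout are choices made for this example.

```powershell
# Added example: read-only audit; it changes no permissions.
# The tool list is copied from the message as spelled there; files that
# do not exist on this system are skipped.
$tools = @(
    'arp','at','attrib','bootcfg','cacls','chkntfs','cipher','convert',
    'cleanmgr','defrag','diskpart','eventvwr','finger','ftp','hostname',
    'ipconfig','mnmsrvc','mobsync','mstsc','nbtstat','netstat','netsh',
    'nslookup','ntbackup','pathping','ping','progman','reg','regedt32',
    'regsrv32','route','secedit','syncapp','telnet','tracert','utilman',
    'winchat','regedit'
)
# Well-known SIDs, so the check also works on non-English systems.
$allowedSids = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544'   # BUILTIN\Administrators
)

function Get-ExtraAllowAce {
    param([string]$Path, [string[]]$AllowedSids)
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $ntType  = [System.Security.Principal.NTAccount]
    $acl = Get-Acl -LiteralPath $Path
    # Explicit and inherited ACEs, with identities returned as SIDs.
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $sid = $ace.IdentityReference.Value
        if ($AllowedSids -contains $sid) { continue }
        # Resolve the SID to a name for display; keep the raw SID if that fails.
        try { $name = $ace.IdentityReference.Translate($ntType).Value }
        catch { $name = $sid }
        [pscustomobject]@{
            File = $Path; Principal = $name
            Rights = $ace.FileSystemRights; Inherited = $ace.IsInherited
        }
    }
}

$findings = foreach ($tool in $tools) {
    # regedit lives in the Windows directory, the rest in System32.
    $dir = if ($tool -eq 'regedit') { $env:windir } else { "$env:windir\System32" }
    $path = Join-Path $dir "$tool.exe"
    if (Test-Path -LiteralPath $path) {
        Get-ExtraAllowAce -Path $path -AllowedSids $allowedSids
    }
}
$findings | Sort-Object File, Principal | Format-Table -AutoSize
```

An empty table means every file found grants access only to SYSTEM and Administrators, the state the message describes; each row is an allow entry for some other principal.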