Re: How hard is it to config Win2003 to serve a single app and offer users little else?
- From: kiln <kiln@xxxxxxxxxxxxxx>
- Date: Wed, 21 Dec 2005 16:01:15 -0800
Hi Vera and thanks again for that pointer. I see that the RD Connection
dialog has a Programs tab that lets one start up a program when the TS
session is initiated. But why couldn't the user just remove that setting
from their RD Connection and then start up with the desktop and all? I
know perms have to be controlled in any case. But is there something
basic I'm missing that would prevent a RD user from only being able to
start just one app? I was expecting a setting on the server end. In AD
for each user there is an environment tab but I don't think it locks
down the user to just one app they can run.
In article <Xns9732F0CBAECADveranoesthemutforsse@xxxxxxxxxxxxx>,
vera.noest@xxxxxxxxxxxxxxxxxxxxxxxxx says...
> You can configure your Terminal Server to start a specific
> application upon connection. This means that users will not even
> see the TS desktop, but will be logged of their session
> automatically when they exit the application.
> Besides that, you can (and should!) use a Group Policy to restrict
> what users can do on your TS and NTFS permissions on the file
> system to lock it down further.
>
> 278295 - How to lock down a Windows Server 2003 or Windows 2000
> Terminal Server session
> http://support.microsoft.com/?kbid=278295
>
> _________________________________________________________
> Vera Noest
> MCSE, CCEA, Microsoft MVP - Terminal Server
> TS troubleshooting: http://ts.veranoest.net
> ___ please respond in newsgroup, NOT by private email ___
>
> kiln <kiln@xxxxxxxxxxxxxx> wrote on 20 dec 2005 in
> microsoft.public.windows.terminal_services:
>
> > New to ts, more or less. I have an application that I'd like to
> > offer via terminal services to users over the internet. I've
> > dialed in to ts boxes using remote desktop, but I've always be a
> > person with admin priviledges, so I could do almost anything on
> > that machine. For the use I'm thinking about now, I'd have a
> > bunch of users dialing in in order to use one application that
> > I've designed. I'd not want those users to be able to start IE,
> > reboot the pc, use windows explorer, those sorts of tasks that
> > regular users can do. I'm pretty sure it's possible to restrict
> > those 'user' remote desktop sessions to the minimum needed for
> > my app, but how hard is it to do? Does one config for this
> > manually or are there like scripts that can config for me? I'm
> > likley to have a dedicated box for this, so I'd be able to
> > config as needed. I tried searching for this in the newgroup but
> > I couldn't come up with the right terms to query for, so I
> > apologise if this topic has been asked too many times.
>
.
- Follow-Ups:
- Re: How hard is it to config Win2003 to serve a single app and offer users little else?
- From: Vera Noest [MVP]
- Re: How hard is it to config Win2003 to serve a single app and offer users little else?
- References:
- Prev by Date: Re: Licensing Process
- Next by Date: Re: Licensing Process
- Previous by thread: Re: How hard is it to config Win2003 to serve a single app and offer users little else?
- Next by thread: Re: How hard is it to config Win2003 to serve a single app and offer users little else?
- Index(es):
Relevant Pages
|
