Re: Restricting users to login on the server.

Hi,

Thanks for posting back.

If so, you can use "start a program on connection" policy to configures
Terminal Services to run a specified program automatically upon connection,
which locates under User configuration \Administrative Templates\ Windows
components\ Terminal server\ Start a program on connection.

By default, Terminal Services sessions provide access to the full Windows
desktop, unless otherwise specified with this setting, by the server
administrator, or by the user in configuring the client connection.

If the status is set to Enabled, Terminal Services sessions automatically
run the specified program and use the specified Working Directory (or the
program default directory, if Working Directory is not specified) as the
working directory for the program.

If the status is set to Disabled or Not Configured, Terminal Services
sessions start with the full desktop, unless the server administrator or
user specify otherwise. (See "Computer Configuration\Administrative
Templates\System\Logon\Run these programs at user logon" setting.)

Note: This setting appears in both Computer Configuration and User
Configuration. If both settings are configured, the Computer Configuration
setting overrides.

Please check it to see if it meets your demands. Thanks.


Sincerely
Morgan Che
Microsoft Online Support
Microsoft Global Technical Support Center

Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.


--------------------
--->Thread-Topic: Restricting users to login on the server.
--->thread-index: Acj3AMLcaENo1VURQDOUteSukpdmJw==
--->X-WBNR-Posting-Host: 207.46.19.197
--->From: =?Utf-8?B?RWxp?= <eli@xxxxxxxxxxxxxxxx>
--->References: <4F3D8F86-E968-4F7F-ACDB-E7096A896698@xxxxxxxxxxxxx>
<eQWlE4l9IHA.5684@xxxxxxxxxxxxxxxxxxxx>
<043D9B3A-4DF3-4639-BC5D-7F79B648D38C@xxxxxxxxxxxxx>
<O184ihm9IHA.3544@xxxxxxxxxxxxxxxxxxxx>
<FD9A15F1-B860-4D0F-A4A6-DCA871657696@xxxxxxxxxxxxx>
<jVBu1Pt9IHA.3476@xxxxxxxxxxxxxxxxxxxxxx>
--->Subject: Re: Restricting users to login on the server.
--->Date: Tue, 5 Aug 2008 06:40:02 -0700
--->Lines: 131
--->Message-ID: <C0BA6866-B740-4E2A-88DC-8EB6DDAEF8AD@xxxxxxxxxxxxx>
--->MIME-Version: 1.0
--->Content-Type: text/plain;
---> charset="Utf-8"
--->Content-Transfer-Encoding: 7bit
--->X-Newsreader: Microsoft CDO for Windows 2000
--->Content-Class: urn:content-classes:message
--->Importance: normal
--->Priority: normal
--->X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.3119
--->Newsgroups: microsoft.public.windows.terminal_services
--->Path: TK2MSFTNGHUB02.phx.gbl
--->Xref: TK2MSFTNGHUB02.phx.gbl
microsoft.public.windows.terminal_services:19680
--->NNTP-Posting-Host: tk2msftibfm01.phx.gbl 10.40.244.149
--->X-Tomcat-NG: microsoft.public.windows.terminal_services
--->
--->i don't want them to use anything else on the server or the server
itself.
--->like any other software that is installed, but not published to
--->remoteapp/webaccess.
--->or browsing internet, etc.
--->or saving
--->
--->"Morgan che(MSFT)" wrote:
--->
--->> Hi,
--->>
--->> Thanks for using this newsgroup.
--->>
--->> As Jeff' said, we can't prohibit users to login to the server via a
RDP
--->> session while allowing them to login via RemoteApp and WebAccess.
--->>
--->> You can understand these three methods are just different interfaces
to
--->> access resources on Terminal server. Indeed, the three methods use
the same
--->> authorization mechanism, the way of establishing connection between
client
--->> and Terminal server and require the same permissions to logon to
Terminal
--->> server. Moreover, Windows doesn't provide a function that can
restrict RDP
--->> access while allowing RemoteApp and WebAccess access.
--->>
--->> Could you please inform me why you want to prohibit users to login to
the
--->> server via a RDP session while allowing them to login via RemoteApp
and
--->> WebAccess? I will check if there is any feasible method to satisfy
your
--->> needs.
--->>
--->> Thanks.
--->>
--->>
--->> Sincerely
--->> Morgan Che
--->> Microsoft Online Support
--->> Microsoft Global Technical Support Center
--->>
--->> Get Secure! - www.microsoft.com/security
--->> =====================================================
--->> When responding to posts, please "Reply to Group" via your newsreader
so
--->> that others may learn and benefit from your issue.
--->> =====================================================
--->> This posting is provided "AS IS" with no warranties, and confers no
rights.
--->>
--->>
--->> --------------------
--->> --->Thread-Topic: Restricting users to login on the server.
--->> --->thread-index: Acj2alGkDlhWZ+GbRDuFTZhDMExcaQ==
--->> --->X-WBNR-Posting-Host: 207.46.19.168
--->> --->From: =?Utf-8?B?RWxp?= <eli@xxxxxxxxxxxxxxxx>
--->> --->References: <4F3D8F86-E968-4F7F-ACDB-E7096A896698@xxxxxxxxxxxxx>
--->> <eQWlE4l9IHA.5684@xxxxxxxxxxxxxxxxxxxx>
--->> <043D9B3A-4DF3-4639-BC5D-7F79B648D38C@xxxxxxxxxxxxx>
--->> <O184ihm9IHA.3544@xxxxxxxxxxxxxxxxxxxx>
--->> --->Subject: Re: Restricting users to login on the server.
--->> --->Date: Mon, 4 Aug 2008 12:43:07 -0700
--->> --->Lines: 47
--->> --->Message-ID: <FD9A15F1-B860-4D0F-A4A6-DCA871657696@xxxxxxxxxxxxx>
--->> --->MIME-Version: 1.0
--->> --->Content-Type: text/plain;
--->> ---> charset="Utf-8"
--->> --->Content-Transfer-Encoding: 7bit
--->> --->X-Newsreader: Microsoft CDO for Windows 2000
--->> --->Content-Class: urn:content-classes:message
--->> --->Importance: normal
--->> --->Priority: normal
--->> --->X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.3119
--->> --->Newsgroups: microsoft.public.windows.terminal_services
--->> --->Path: TK2MSFTNGHUB02.phx.gbl
--->> --->Xref: TK2MSFTNGHUB02.phx.gbl
--->> microsoft.public.windows.terminal_services:19658
--->> --->NNTP-Posting-Host: tk2msftibfm01.phx.gbl 10.40.244.149
--->> --->X-Tomcat-NG: microsoft.public.windows.terminal_services
--->> --->
--->> --->let's wait, maybe someone from microsoft will answer it.
--->> --->
--->> --->"Jeff Pitsch" wrote:
--->> --->
--->> --->> The same as it for citrix or any other TS vendor. It's a very
simple
--->> matter
--->> --->> to lock down the desktop and the advantages of remote apps are
pretty
--->> clear
--->> --->> especially if your planningo n using them. Now I may be wrong
and
--->> there may
--->> --->> be a way of disabling getting to the desktop but I don't think
there
--->> is.
--->> --->>
--->> --->> Jeff Pitsch
--->> --->> Microsoft MVP - Terminal Services
--->> --->>
--->> --->>
--->> --->> "Eli" <eli@xxxxxxxxxxxxxxxx> wrote in message
--->> --->> news:043D9B3A-4DF3-4639-BC5D-7F79B648D38C@xxxxxxxxxxxxxxxx
--->> --->> > Then what's the point of RemoteApp if one can just login to
--->> terminal
--->> --->> > server
--->> --->> > itself and use applications on it?
--->> --->> >
--->> --->> >
--->> --->> > "Jeff Pitsch" wrote:
--->> --->> >
--->> --->> >> I don't think you can. Your best bet is to completely lock
down
--->> the
--->> --->> >> desktop
--->> --->> >> so that only the start menu and logoff button are available.
If
--->> the
--->> --->> >> users
--->> --->> >> can't do anything then they won't be tempted to go to the
desktop.
--->> This
--->> --->> >> is
--->> --->> >> very easy to do by the way with Group Policy.
--->> --->> >>
--->> --->> >> Jeff Pitsch
--->> --->> >> Microsoft MVP - Terminal Services
--->> --->> >>
--->> --->> >>
--->> --->> >> "Eli" <eli@xxxxxxxxxxxxxxxx> wrote in message
--->> --->> >> news:4F3D8F86-E968-4F7F-ACDB-E7096A896698@xxxxxxxxxxxxxxxx
--->> --->> >> > Windows 2008 SP1
--->> --->> >> > How can I prohibit users to login on the server thru a
regular
--->> RDP
--->> --->> >> > session
--->> --->> >> > while allowing them to use RemoteApp and WebAccess?
--->> --->> >> >
--->> --->> >>
--->> --->> >>
--->> --->> >>
--->> --->>
--->> --->>
--->> --->>
--->> --->
--->>
--->>
--->

.