lockdown TS session desktops

[Guest]

We are going to install TS on a Windows server 2003 unit. We have 4 users
who will be working from home and who also work at the office. These users
will be using a single application on the TS server. What we would like to
do is lockdown the individual TS session by restricting the desktops AND,
even better, execute the application immediately when they login to the
server. If that is not possible, we'd like to restrict the desktop to only
show the application icon and nothing else....and, remove some critical
systems functions like the RUN command, Control Panet, etc. How can that be
best done?

 

[Vera Noest [MVP]]

Use a Group Policy to lockdown the desktop, remove unwanted items
from the Start Menu, redirect folders and define a starting
application.
Use NTFS permissions on the file system to further lockdown the
terminal server.

Note that defining a starting application doesn't mean that you
don't have to lockdown the Terminal Server with other means. Users
will still be able to access the file system from within most
apllications, so you'll need the NTFS restrictions anyway.

Use loopback processing of the GPO with the Replace option to make
sure that you only lock the users down when they logon to the
Terminal Server, and not when they logon to their workstation.

260370 - How to Apply Group Policy Objects to Terminal Services
Servers
http://support.microsoft.com/?kbid=260370

231287 - Loopback Processing of Group Policy
http://support.microsoft.com/?kbid=231287

Locking Down Windows Server 2003 Terminal Server Sessions
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/tech
nologies/terminal/trmlckd.mspx

_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
http://hem.fyristorg.com/vera/IT
___ please respond in newsgroup, NOT by private email ___