lockdown TS session desktops



We are going to install TS on a Windows server 2003 unit. We have 4 users
who will be working from home and who also work at the office. These users
will be using a single application on the TS server. What we would like to
do is lockdown the individual TS session by restricting the desktops AND,
even better, execute the application immediately when they login to the
server. If that is not possible, we'd like to restrict the desktop to only
show the application icon and nothing else....and, remove some critical
systems functions like the RUN command, Control Panet, etc. How can that be
best done?



Vera Noest [MVP]

Use a Group Policy to lockdown the desktop, remove unwanted items
from the Start Menu, redirect folders and define a starting
Use NTFS permissions on the file system to further lockdown the
terminal server.

Note that defining a starting application doesn't mean that you
don't have to lockdown the Terminal Server with other means. Users
will still be able to access the file system from within most
apllications, so you'll need the NTFS restrictions anyway.

Use loopback processing of the GPO with the Replace option to make
sure that you only lock the users down when they logon to the
Terminal Server, and not when they logon to their workstation.

260370 - How to Apply Group Policy Objects to Terminal Services

231287 - Loopback Processing of Group Policy

Locking Down Windows Server 2003 Terminal Server Sessions

Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
___ please respond in newsgroup, NOT by private email ___

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question