Guest nospam@nospam.com Posted June 28, 2008 Posted June 28, 2008 Hello I'm no Windows Server expect, and need to lock down the TS desktop users see when connecting. This is actually a server that prospects use to evaluate our application, and all users will use the same login/password. Basically, I'd like to only have a single icon on the desktop to launch our app, and a single item in the Start menu that says "Disconnect", to make sure users really close the session so that the next user doesn't see a running session. In addition, I'd like to run a batch file after a user has logged out, so as to put pristine data back, in case the previous user has left some identifying information. According to Google, it looks like all this is done through the Group Policy Editor (English translation mine), but there are so many options in the Computer and User sections, that I don't know what to do. Could someone tell me how to get a bare TS desktop? Thank you.
Guest Gilles Ganault Posted June 28, 2008 Posted June 28, 2008 Re: [2003] Locking down desktop? On Sat, 28 Jun 2008 14:23:09 +0200, "nospam@nospam.com" <Gilles> wrote: >According to Google, it looks like all this is done through the Group >Policy Editor (English translation mine), but there are so many >options in the Computer and User sections, that I don't know what to >do. I could make changes using gpedit.msc, but how can set those for a given user, and not affect other user? Thank you.
Guest moncho Posted June 30, 2008 Posted June 30, 2008 Re: [2003] Locking down desktop? Gilles Ganault wrote: > On Sat, 28 Jun 2008 14:23:09 +0200, "nospam@nospam.com" <Gilles> > wrote: >> According to Google, it looks like all this is done through the Group >> Policy Editor (English translation mine), but there are so many >> options in the Computer and User sections, that I don't know what to >> do. > > I could make changes using gpedit.msc, but how can set those for a > given user, and not affect other user? > > Thank you. You can try looking at http://www.sessioncomputing.com/security.htm and see what will apply to your situation. In this document there is a third party app to help you lock down TS. I understand that your systems in a workgroup but you have MUCH more flexibility if it was in an A/D. moncho
Guest Gilles Ganault Posted July 1, 2008 Posted July 1, 2008 Re: [2003] Locking down desktop? On Mon, 30 Jun 2008 08:07:12 -0400, moncho <moncho@NOspmanywhere.com> wrote: >I understand that your systems in a workgroup but you have MUCH >more flexibility if it was in an A/D. I know, but the Powers that be don't want this server to run AD. Don't ask :) What I really want, is that this user will just have a bare, unmodifiable desktop where he can only click on a shortcut on the desktop, and click on LogOff in the Start menu. I could do this through the Group Policy Editor (gpedit.msc, through its Computer/User sections), but those apply to all users, not just this single TS user. Thank you.
Guest Vera Noest [MVP] Posted July 1, 2008 Posted July 1, 2008 Re: [2003] Locking down desktop? Gilles Ganault <nospam@nospam.com> wrote on 01 jul 2008 in microsoft.public.windows.terminal_services: > On Mon, 30 Jun 2008 08:07:12 -0400, moncho > <moncho@NOspmanywhere.com> wrote: >>I understand that your systems in a workgroup but you have MUCH >>more flexibility if it was in an A/D. > > I know, but the Powers that be don't want this server to run AD. > Don't ask :) > > What I really want, is that this user will just have a bare, > unmodifiable desktop where he can only click on a shortcut on > the desktop, and click on LogOff in the Start menu. > > I could do this through the Group Policy Editor (gpedit.msc, > through its Computer/User sections), but those apply to all > users, not just this single TS user. That's one of the major draw-backs of a local policy, there is no easy way to use security filtering. There's a workaround, but be careful when implementing it, you can easily lock yourself out of the system. Make sure you have a full backup before using this method: How can I lock down my standalone TS with a local policy without locking down the Administrator account? http://ts.veranoest.net/ts_faq_configuration.htm#local_policy _________________________________________________________ Vera Noest MCSE, CCEA, Microsoft MVP - Terminal Server TS troubleshooting: http://ts.veranoest.net ___ please respond in newsgroup, NOT by private email ___
Recommended Posts