Guest Jarryd Posted July 30, 2008 Posted July 30, 2008 Hi, Right, I have installed TS Server (+ licencing) on a Windows Server 2003 SE box. It all works brilliantly apart from the fact that it always has to do a mini install when you open up the first Office 2003 application of the session. This is not my major concern, but if someone has an answer... Here's is the thing:I kind of figured that you would be able to lock down what was available to specific users in terms of "server" local disk drive access and installed applications. Ideally I would like the user to log in and be able to see and access a My Docs folder that is theirs alone + mapped drives, and only be able to use applications that are assigned to them. With regards to the latter, of course you only want to install Office, for example, once, but then you would like to be able to tell TS which user or group gets to use it. I have read a bit and this does not seem possible. Are their 3rd party tools for this? What I have seen is that apps, and these are purely for my Net Admin use (e.g. Watchguard System Manager / firewall), are able to be opened by TS users. The only way I can think of locking this down is with file permissions. But what do you do about the Windows folder? It would be easier if these drives were simply hidden. Again, is their a 3rd party tool that does this? TIA, Jarryd
Guest Vera Noest [MVP] Posted July 30, 2008 Posted July 30, 2008 Re: Terminal Services You can do all this with a number of 3rd party tools, but also with native tools like Group Policies and NTFS permissions. Here are some starters: How can I configure different TS desktops, based on user group membership? http://ts.veranoest.net/ts_faq_configuration.htm#desktopredirection 231289 - Using Group Policy Objects to hide specified drives http://support.microsoft.com/?kbid=231289 Note that hiding a drive is just a cosmetic feature, you still need to protect it with NTFS permissions. _________________________________________________________ Vera Noest MCSE, CCEA, Microsoft MVP - Terminal Server TS troubleshooting: http://ts.veranoest.net ___ please respond in newsgroup, NOT by private email ___ "Jarryd" <jarryd@community.nospam> wrote on 30 jul 2008 in microsoft.public.windows.terminal_services: > Hi, > > Right, I have installed TS Server (+ licencing) on a Windows > Server 2003 SE box. It all works brilliantly apart from the > fact that it always has to do a mini install when you open up > the first Office 2003 application of the session. This is not > my major concern, but if someone has an answer... > > Here's is the thing:I kind of figured that you would be able to > lock down what was available to specific users in terms of > "server" local disk drive access and installed applications. > Ideally I would like the user to log in and be able to see and > access a My Docs folder that is theirs alone + mapped drives, > and only be able to use applications that are assigned to them. > With regards to the latter, of course you only want to install > Office, for example, once, but then you would like to be able to > tell TS which user or group gets to use it. I have read a bit > and this does not seem possible. Are their 3rd party tools for > this? What I have seen is that apps, and these are purely for > my Net Admin use (e.g. Watchguard System Manager / firewall), > are able to be opened by TS users. The only way I can think of > locking this down is with file permissions. But what do you do > about the Windows folder? It would be easier if these drives > were simply hidden. Again, is their a 3rd party tool that does > this? > > TIA, > > Jarryd
Guest Jeff Pitsch Posted July 30, 2008 Posted July 30, 2008 Re: Terminal Services A hint: Group Policy I could spend a lot of time going over each and every setting you could use to do this but I don't have time to write a book right. :) j/k but it's not that far off from the truth. You can do pretty much everything you want with Group Policy and NTFS permissions and some work. Jeff Pitsch Microsoft MVP - Terminal Services "Jarryd" <jarryd@community.nospam> wrote in message news:ek32q%23h8IHA.3736@TK2MSFTNGP06.phx.gbl... > Hi, > > Right, I have installed TS Server (+ licencing) on a Windows Server 2003 > SE box. It all works brilliantly apart from the fact that it always has > to do a mini install when you open up the first Office 2003 application of > the session. This is not my major concern, but if someone has an > answer... > > Here's is the thing:I kind of figured that you would be able to lock down > what was available to specific users in terms of "server" local disk drive > access and installed applications. Ideally I would like the user to log > in and be able to see and access a My Docs folder that is theirs alone + > mapped drives, and only be able to use applications that are assigned to > them. With regards to the latter, of course you only want to install > Office, for example, once, but then you would like to be able to tell TS > which user or group gets to use it. I have read a bit and this does not > seem possible. Are their 3rd party tools for this? What I have seen is > that apps, and these are purely for my Net Admin use (e.g. Watchguard > System Manager / firewall), are able to be opened by TS users. The only > way I can think of locking this down is with file permissions. But what > do you do about the Windows folder? It would be easier if these drives > were simply hidden. Again, is their a 3rd party tool that does this? > > TIA, > > Jarryd >
Guest Jarryd Posted July 30, 2008 Posted July 30, 2008 Re: Terminal Services OK, no problem. I'll check it out. The only thing is that I always thought that I have never figured out how to assign a specific Group Policy to a specific user or group. I know that you are supposed to Security filtering, but I just never managed to get it to work. I think its the inheritance that stumps me, and I haven't ever spent enough time on it. Well, I guess now is that time. Just a quick one if you could, the ability to disable apps would be via GP or file permissions (or both??). TIA, Jarryd "Jeff Pitsch" <jeff@jeffpitschconsulting.com> wrote in message news:eD4ubzj8IHA.2332@TK2MSFTNGP03.phx.gbl... >A hint: Group Policy > > I could spend a lot of time going over each and every setting you could > use to do this but I don't have time to write a book right. :) j/k but > it's not that far off from the truth. You can do pretty much everything > you want with Group Policy and NTFS permissions and some work. > > Jeff Pitsch > Microsoft MVP - Terminal Services > > > "Jarryd" <jarryd@community.nospam> wrote in message > news:ek32q%23h8IHA.3736@TK2MSFTNGP06.phx.gbl... >> Hi, >> >> Right, I have installed TS Server (+ licencing) on a Windows Server 2003 >> SE box. It all works brilliantly apart from the fact that it always has >> to do a mini install when you open up the first Office 2003 application >> of the session. This is not my major concern, but if someone has an >> answer... >> >> Here's is the thing:I kind of figured that you would be able to lock down >> what was available to specific users in terms of "server" local disk >> drive access and installed applications. Ideally I would like the user >> to log in and be able to see and access a My Docs folder that is theirs >> alone + mapped drives, and only be able to use applications that are >> assigned to them. With regards to the latter, of course you only want to >> install Office, for example, once, but then you would like to be able to >> tell TS which user or group gets to use it. I have read a bit and this >> does not seem possible. Are their 3rd party tools for this? What I have >> seen is that apps, and these are purely for my Net Admin use (e.g. >> Watchguard System Manager / firewall), are able to be opened by TS users. >> The only way I can think of locking this down is with file permissions. >> But what do you do about the Windows folder? It would be easier if these >> drives were simply hidden. Again, is their a 3rd party tool that does >> this? >> >> TIA, >> >> Jarryd >> > >
Recommended Posts