Jump to content

Newbie Question - Lock down client access

Guest DanSim

By Guest DanSim
in Windows NT Server

 Share

Recommended Posts

Guest DanSim

Guest DanSim

Posted
Posted

I am looking into using thin clients for internet kiosk's and would like to

know if there is a clear document that tells me how to lock down each users

terminal service session to only one app (IE) with little or no permissions

on the TS file system?

 

Just to make sure my question is clear here is the scenerio.

There will be multiple thin client computers (Wyse) that will automatically

login to a windows 2008 terminal server. Upon login IE needs to run and open

to a specific web page. No other access to the file system is needed.

 

Other users will approach the thin client and be prompted to login with

thier AD account. They will login and I would like IE to load and for them

to have no other access to the TS.

 

I am looking for the answer on how to lock down the users or secure the TS

from the clients so to speak.

 

Thanks,

Dan

  • Replies 3
  • Created
  • Last Reply

Popular Days

Popular Days

Guest Jeff Pitsch

Guest Jeff Pitsch

Posted
Posted

Re: Newbie Question - Lock down client access

 

I could write a book on this. The subject is way to broad to answer here.

I would recommend working with a consultant (me or anyone else) to get you

exactly what you want. I think in your case you definitelyw ant to start

with IE in kiosk mode.

 

Jeff Pitsch

Microsoft MVP - Terminal Services

 

 

"DanSim" <DanSim@discussions.microsoft.com> wrote in message

news:0323EA05-A5AE-473D-9D03-E78C01900813@microsoft.com...

>I am looking into using thin clients for internet kiosk's and would like to

> know if there is a clear document that tells me how to lock down each

> users

> terminal service session to only one app (IE) with little or no

> permissions

> on the TS file system?

>

> Just to make sure my question is clear here is the scenerio.

> There will be multiple thin client computers (Wyse) that will

> automatically

> login to a windows 2008 terminal server. Upon login IE needs to run and

> open

> to a specific web page. No other access to the file system is needed.

>

> Other users will approach the thin client and be prompted to login with

> thier AD account. They will login and I would like IE to load and for

> them

> to have no other access to the TS.

>

> I am looking for the answer on how to lock down the users or secure the TS

> from the clients so to speak.

>

> Thanks,

> Dan

Guest Vera Noest [MVP]

Guest Vera Noest [MVP]

Posted
Posted

Re: Newbie Question - Lock down client access

 

And Software Restriction Policies on the server, allowing only IE

to be run.

 

http://www.microsoft.com/windowsserver2003/techinfo/overview/lockdo

wn.mspx

_________________________________________________________

Vera Noest

MCSE, CCEA, Microsoft MVP - Terminal Server

TS troubleshooting: http://ts.veranoest.net

___ please respond in newsgroup, NOT by private email ___

 

"Jeff Pitsch" <jeff@jeffpitschconsulting.com> wrote on 02 aug 2008

in microsoft.public.windows.terminal_services:

> I could write a book on this. The subject is way to broad to

> answer here. I would recommend working with a consultant (me or

> anyone else) to get you exactly what you want. I think in your

> case you definitelyw ant to start with IE in kiosk mode.

>

> Jeff Pitsch

> Microsoft MVP - Terminal Services

>

>

> "DanSim" <DanSim@discussions.microsoft.com> wrote in message

> news:0323EA05-A5AE-473D-9D03-E78C01900813@microsoft.com...

>>I am looking into using thin clients for internet kiosk's and

>>would like to

>> know if there is a clear document that tells me how to lock

>> down each users

>> terminal service session to only one app (IE) with little or no

>> permissions

>> on the TS file system?

>>

>> Just to make sure my question is clear here is the scenerio.

>> There will be multiple thin client computers (Wyse) that will

>> automatically

>> login to a windows 2008 terminal server. Upon login IE needs

>> to run and open

>> to a specific web page. No other access to the file system is

>> needed.

>>

>> Other users will approach the thin client and be prompted to

>> login with thier AD account. They will login and I would like

>> IE to load and for them

>> to have no other access to the TS.

>>

>> I am looking for the answer on how to lock down the users or

>> secure the TS from the clients so to speak.

>>

>> Thanks,

>> Dan

Guest Jeff Pitsch

Guest Jeff Pitsch

Posted
Posted

Re: Newbie Question - Lock down client access

 

And about 20-50 other settings to completely lock down the desktop. Start

menu, desktop itself, control panel, etc etc etc

 

Jeff Pitsch

Microsoft MVP - Terminal Services

 

 

"Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se> wrote in message

news:Xns9AEED21485274veranoesthemutforsse@207.46.248.16...

> And Software Restriction Policies on the server, allowing only IE

> to be run.

>

> http://www.microsoft.com/windowsserver2003/techinfo/overview/lockdo

> wn.mspx

> _________________________________________________________

> Vera Noest

> MCSE, CCEA, Microsoft MVP - Terminal Server

> TS troubleshooting: http://ts.veranoest.net

> ___ please respond in newsgroup, NOT by private email ___

>

> "Jeff Pitsch" <jeff@jeffpitschconsulting.com> wrote on 02 aug 2008

> in microsoft.public.windows.terminal_services:

>

>> I could write a book on this. The subject is way to broad to

>> answer here. I would recommend working with a consultant (me or

>> anyone else) to get you exactly what you want. I think in your

>> case you definitelyw ant to start with IE in kiosk mode.

>>

>> Jeff Pitsch

>> Microsoft MVP - Terminal Services

>>

>>

>> "DanSim" <DanSim@discussions.microsoft.com> wrote in message

>> news:0323EA05-A5AE-473D-9D03-E78C01900813@microsoft.com...

>>>I am looking into using thin clients for internet kiosk's and

>>>would like to

>>> know if there is a clear document that tells me how to lock

>>> down each users

>>> terminal service session to only one app (IE) with little or no

>>> permissions

>>> on the TS file system?

>>>

>>> Just to make sure my question is clear here is the scenerio.

>>> There will be multiple thin client computers (Wyse) that will

>>> automatically

>>> login to a windows 2008 terminal server. Upon login IE needs

>>> to run and open

>>> to a specific web page. No other access to the file system is

>>> needed.

>>>

>>> Other users will approach the thin client and be prompted to

>>> login with thier AD account. They will login and I would like

>>> IE to load and for them

>>> to have no other access to the TS.

>>>

>>> I am looking for the answer on how to lock down the users or

>>> secure the TS from the clients so to speak.

>>>

>>> Thanks,

>>> Dan

 Share
Go to topic listing
×
×
  • Create New...