Jump to content

Terminal Server Client Access - Full Desktop with single application access

Guest benxxv via WinServerKB.com

By Guest benxxv via WinServerKB.com
in Windows NT Server

 Share

Recommended Posts

Guest benxxv via WinServerKB.com

Guest benxxv via WinServerKB.com

Posted
Posted

Hi,

 

I have terminal server and one application.

 

I want to give the end user, full desktop with only my application icon on

the desktop.

 

I have a problem if I give the user only application access without the full

desktop access.

 

So, any one can guide me - Full Desktop with just my application Icon on the

desktop.

 

Regards,

 

--

Message posted via WinServerKB.com

http://www.winserverkb.com/Uwe/Forums.aspx/windows-ts/200711/1

  • Replies 5
  • Created
  • Last Reply

Popular Days

Popular Days

Guest Vera Noest [MVP]

Guest Vera Noest [MVP]

Posted
Posted

Re: Terminal Server Client Access - Full Desktop with single application access

 

Use a Group Policy with Folder redirection, redirect them to a

custom Desktop folder and put a shortcut to your application in the

custom desktop folder. Make the folder Read-Only with NTFS

permissions.

 

User Configuration - Windows Settings - Folder Redirection

Desktop

 

and since this is a user setting, you'll also need to use loopback

processing of the GPO:

 

Computer Configuration - Administrative Templates - System - Group

Policy

"User Group Policy loopback processing mode" - "Replace"

_________________________________________________________

Vera Noest

MCSE, CCEA, Microsoft MVP - Terminal Server

TS troubleshooting: http://ts.veranoest.net

___ please respond in newsgroup, NOT by private email ___

 

"benxxv via WinServerKB.com" <u30064@uwe> wrote on 22 nov 2007 in

microsoft.public.windows.terminal_services:

> Hi,

>

> I have terminal server and one application.

>

> I want to give the end user, full desktop with only my

> application icon on the desktop.

>

> I have a problem if I give the user only application access

> without the full desktop access.

>

> So, any one can guide me - Full Desktop with just my application

> Icon on the desktop.

>

> Regards,

Guest benxxv via WinServerKB.com

Guest benxxv via WinServerKB.com

Posted
Posted

Re: Terminal Server Client Access - Full Desktop with single application access

 

Dear Vera,

 

Thankyou, I implemented the GPO, but my intended purpose is not achieved.

 

I require to provide the RDP user with the following.

 

01. Full Desktop

02. Desktop Icon with my application

03. No Tasks visible running in the task tray

04. When the user clicks on Start - All Programs - Nothing to be visible

05. No Windows Explorer access - so that, they cannot browse the server

harddisk or anything on the server

 

With the GPO settings you provided, user can goto Start - All Programs and

can see all the softwares installed on the terminal server and able to run

the application.

 

I just want, a lockeddown desktop with my application desktop icon access

only.

 

May be my requirement is strange, but is this possible to implement in

Terminal Server or do I need to go for Citrix?

 

Regards.

 

Vera Noest [MVP] wrote:

>Use a Group Policy with Folder redirection, redirect them to a

>custom Desktop folder and put a shortcut to your application in the

>custom desktop folder. Make the folder Read-Only with NTFS

>permissions.

>

>User Configuration - Windows Settings - Folder Redirection

>Desktop

>

>and since this is a user setting, you'll also need to use loopback

>processing of the GPO:

>

>Computer Configuration - Administrative Templates - System - Group

>Policy

>"User Group Policy loopback processing mode" - "Replace"

>_________________________________________________________

>Vera Noest

>MCSE, CCEA, Microsoft MVP - Terminal Server

>TS troubleshooting: http://ts.veranoest.net

>___ please respond in newsgroup, NOT by private email ___

>

>"benxxv via WinServerKB.com" <u30064@uwe> wrote on 22 nov 2007 in

>microsoft.public.windows.terminal_services:

>

>> Hi,

>>

>

>>

>> Regards,

 

--

Message posted via http://www.winserverkb.com

Guest Vera Noest [MVP]

Guest Vera Noest [MVP]

Posted
Posted

Re: Terminal Server Client Access - Full Desktop with single application access

 

Using a custom redirected desktop is only part of your solution.

You will also need a redirected custom start menu, with a start

menu which only contains the applications of your choice, you'll

need to empty the Default User Start menu on the server, and use a

number of other lockdown policy settings, like the ability to

right-click, case-sensitive menus, hide drives, etc, etc.

 

You will still not be able to get everything that you want, but I

assume that the important thing is that you make it impossible for

the users to do anything potentially harmfull to the server.

 

The best way to reach that goal is using NTFS permissions and

Software restriction policies. Users will still be able to *see*

some options, but will get an "This feature has been disabled"

error when they try to use them.

 

Here's some reading:

 

Locking Down Windows Server 2003 Terminal Server Sessions

http://www.microsoft.com/windowsserver2003/techinfo/overview/lockdo

wn.mspx

 

Using Software Restriction Policies to Protect Against Unauthorized

Software

http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/rstr

plcy.mspx

_________________________________________________________

Vera Noest

MCSE, CCEA, Microsoft MVP - Terminal Server

TS troubleshooting: http://ts.veranoest.net

___ please respond in newsgroup, NOT by private email ___

 

"benxxv via WinServerKB.com" <u30064@uwe> wrote on 23 nov 2007 in

microsoft.public.windows.terminal_services:

> Dear Vera,

>

> Thankyou, I implemented the GPO, but my intended purpose is not

> achieved.

>

> I require to provide the RDP user with the following.

>

> 01. Full Desktop

> 02. Desktop Icon with my application

> 03. No Tasks visible running in the task tray

> 04. When the user clicks on Start - All Programs - Nothing to be

> visible 05. No Windows Explorer access - so that, they cannot

> browse the server harddisk or anything on the server

>

> With the GPO settings you provided, user can goto Start - All

> Programs and can see all the softwares installed on the terminal

> server and able to run the application.

>

> I just want, a lockeddown desktop with my application desktop

> icon access only.

>

> May be my requirement is strange, but is this possible to

> implement in Terminal Server or do I need to go for Citrix?

>

> Regards.

>

> Vera Noest [MVP] wrote:

>>Use a Group Policy with Folder redirection, redirect them to a

>>custom Desktop folder and put a shortcut to your application in

>>the custom desktop folder. Make the folder Read-Only with NTFS

>>permissions.

>>

>>User Configuration - Windows Settings - Folder Redirection

>>Desktop

>>

>>and since this is a user setting, you'll also need to use

>>loopback processing of the GPO:

>>

>>Computer Configuration - Administrative Templates - System -

>>Group Policy

>>"User Group Policy loopback processing mode" - "Replace"

>>_________________________________________________________

>>Vera Noest

>>MCSE, CCEA, Microsoft MVP - Terminal Server

>>TS troubleshooting: http://ts.veranoest.net

>>___ please respond in newsgroup, NOT by private email ___

>>

>>"benxxv via WinServerKB.com" <u30064@uwe> wrote on 22 nov 2007

>>in microsoft.public.windows.terminal_services:

>>

>>> Hi,

>>>

>>

>>>

>>> Regards,

Guest benxxv via WinServerKB.com

Guest benxxv via WinServerKB.com

Posted
Posted

Re: Terminal Server Client Access - Full Desktop with single application access

 

Dear Vera,

 

Thankyou.

 

Let me study info provided by you and steamline the process and will update

you on the results shortly.

 

Regards.

 

Vera Noest [MVP] wrote:

>Using a custom redirected desktop is only part of your solution.

>You will also need a redirected custom start menu, with a start

>menu which only contains the applications of your choice, you'll

>need to empty the Default User Start menu on the server, and use a

>number of other lockdown policy settings, like the ability to

>right-click, case-sensitive menus, hide drives, etc, etc.

>

>You will still not be able to get everything that you want, but I

>assume that the important thing is that you make it impossible for

>the users to do anything potentially harmfull to the server.

>

>The best way to reach that goal is using NTFS permissions and

>Software restriction policies. Users will still be able to *see*

>some options, but will get an "This feature has been disabled"

>error when they try to use them.

>

>Here's some reading:

>

>Locking Down Windows Server 2003 Terminal Server Sessions

>http://www.microsoft.com/windowsserver2003/techinfo/overview/lockdo

>wn.mspx

>

>Using Software Restriction Policies to Protect Against Unauthorized

>Software

>http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/rstr

>plcy.mspx

>_________________________________________________________

>Vera Noest

>MCSE, CCEA, Microsoft MVP - Terminal Server

>TS troubleshooting: http://ts.veranoest.net

>___ please respond in newsgroup, NOT by private email ___

>

>"benxxv via WinServerKB.com" <u30064@uwe> wrote on 23 nov 2007 in

>microsoft.public.windows.terminal_services:

>

>> Dear Vera,

>>

>

>>>>

>>>> Regards,

 

--

Message posted via WinServerKB.com

http://www.winserverkb.com/Uwe/Forums.aspx/windows-ts/200711/1

Guest ThomasT.

Guest ThomasT.

Posted
Posted

Re: Terminal Server Client Access - Full Desktop with single application access

 

Hi,

You can use Remote Application Center to publish application on the server:

http://www.mqtechnologies.com

 

Regards

 

ThomasT.

 

 

"benxxv via WinServerKB.com" <u30064@uwe> wrote in message

news:7ba25a9a98af0@uwe...

> Dear Vera,

>

> Thankyou, I implemented the GPO, but my intended purpose is not achieved.

>

> I require to provide the RDP user with the following.

>

> 01. Full Desktop

> 02. Desktop Icon with my application

> 03. No Tasks visible running in the task tray

> 04. When the user clicks on Start - All Programs - Nothing to be visible

> 05. No Windows Explorer access - so that, they cannot browse the server

> harddisk or anything on the server

>

> With the GPO settings you provided, user can goto Start - All Programs and

> can see all the softwares installed on the terminal server and able to run

> the application.

>

> I just want, a lockeddown desktop with my application desktop icon access

> only.

>

> May be my requirement is strange, but is this possible to implement in

> Terminal Server or do I need to go for Citrix?

>

> Regards.

>

> Vera Noest [MVP] wrote:

>>Use a Group Policy with Folder redirection, redirect them to a

>>custom Desktop folder and put a shortcut to your application in the

>>custom desktop folder. Make the folder Read-Only with NTFS

>>permissions.

>>

>>User Configuration - Windows Settings - Folder Redirection

>>Desktop

>>

>>and since this is a user setting, you'll also need to use loopback

>>processing of the GPO:

>>

>>Computer Configuration - Administrative Templates - System - Group

>>Policy

>>"User Group Policy loopback processing mode" - "Replace"

>>_________________________________________________________

>>Vera Noest

>>MCSE, CCEA, Microsoft MVP - Terminal Server

>>TS troubleshooting: http://ts.veranoest.net

>>___ please respond in newsgroup, NOT by private email ___

>>

>>"benxxv via WinServerKB.com" <u30064@uwe> wrote on 22 nov 2007 in

>>microsoft.public.windows.terminal_services:

>>

>>> Hi,

>>>

>>

>>>

>>> Regards,

>

> --

> Message posted via http://www.winserverkb.com

>

 Share
Go to topic listing
×
×
  • Create New...