blocking access to explorer on a terminal server session

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I have configured group policy to lock down the terminal server on our
windows 2003 server; however, if the user clicks start > then double clicks
"programs" they are still able to access the explorer and "snoop" around.
Does anyone know of a way to deny access to the explorer? We are running an
old dos application which prevents us from using the run a single application
feature (which I know would prevent a user from accessing anything on the
desktop - even a start menu).
 
Use NTFS permissions on the file system to keep users out sensitive
areas of the server disks. The default permissions on a 2003 server
should already do this, provided that you didn't give your users
elevated user rights, and that you installed Terminal Services in
"Full Security" compatibility mode.
Note that you would have to do this even if you defined a starting
application. It is relatively simple to access the file system from
within most applications.

_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
SQL troubleshooting: http://sql.veranoest.net
___ please respond in newsgroup, NOT by private email ___
 
Back
Top