preventing user from running programs in remote desktop client

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Hi

I have a couple of new terminal servers that I have locked down significantly with what users can have access to. For example a user cannot access the control panel, cannot go to start | run and type in CMD or REGEDIT and have the apps open. However, my problem is that in the XP remote desktop client there is a tab called 'programs'. In this tab a user can select a application to run at login such as CMD or REGEDIT and they will open when a user logs in. From a CMD prompt in this situation a user can call up other things like User Manager. Users have limited access to these things, but our security department is demanding that accessing these programs through the programs tab in the Remote Desktop Client is stopped. These are Windows 2000 servers in a NT4 domain that is not running AD. Help!!

TJ
 
From your description, you want Terminal Services to ignore the "start a
program" from client, let me know if this is not the case,

To overwrite client settings, you can use tscc.msc or gpedit.msc to set it,

tscc.msc -> RDP-Tcp -> Environment and check "Override settings from user
profile..."
gpedit.msc -> Local Computer Policy -> Computer Configuration ->
Administrative Template -> Windows Components -> Terminal Services and set
"Start a program on connection" to disable

Hope this help.

-Huei Wang

--
This posting is provided "AS IS" with no warranties, and confers no rights.



TJ said:
Hi

I have a couple of new terminal servers that I have locked down
significantly with what users can have access to. For example a user cannot
access the control panel, cannot go to start | run and type in CMD or
REGEDIT and have the apps open. However, my problem is that in the XP
remote desktop client there is a tab called 'programs'. In this tab a user
can select a application to run at login such as CMD or REGEDIT and they
will open when a user logs in. From a CMD prompt in this situation a user
can call up other things like User Manager. Users have limited access to
these things, but our security department is demanding that accessing these
programs through the programs tab in the Remote Desktop Client is stopped.
These are Windows 2000 servers in a NT4 domain that is not running AD.
Help!!
 
Hi

Yes, that is exactly what I'm trying to do. Thank you for the help, except these are Win2000 servers, not Win2003, so they do not have the TSCC.msc or the Terminal services section in the group policy.msc

One idea I am going to try is in the RDP properties, in the environment tab there is a setting to override the client and start this app. I'm hoping that leaving that blank will allow the regular desktop to appear.

Any other thoughts?

TJ
 
tscc is terminal service configuration, sorry for confusion, the setting in
the environment tab should work, just leave the "program path and file name"
and "start in" blank.


--
This posting is provided "AS IS" with no warranties, and confers no rights.



TJ said:
Hi

Yes, that is exactly what I'm trying to do. Thank you for the help,
except these are Win2000 servers, not Win2003, so they do not have the
TSCC.msc or the Terminal services section in the group policy.msc
One idea I am going to try is in the RDP properties, in the environment
tab there is a setting to override the client and start this app. I'm
hoping that leaving that blank will allow the regular desktop to appear.
 
Back
Top