Restricted Terminal Services Client User

  • Thread starter Thread starter Patrick
  • Start date Start date
P

Patrick

I am trying to set up a user with Terminal Services access to a
Windows 2000 server (with SP4) that
1) Could not see shortcuts under \Documents and Settings\All
Users\Desktop
2) Could not see shortcuts under Could not see shortcuts under
\Documents and Settings\All Users\Start Menu

(Preferably, it would be nice if the desintation to those shortcuts
could be made inacccessible, too!, but hiding it would be good enough for
now).

How could this be best achieved?

I have tried the following, which is not good enough
- Change the ACL to the short cuts, to deny access to that user----
results: user could see the shortcut but could not double click it
- As above, but also make change the ACL of the desktop folder
removing all rights to the user---- results: when user logs in, he/she gets
an error saying All Users\Desktop "Access is denied"
 
If you are using Active Directory, set up an OU for
Terminal Services Lockdown, and put the user in it.
Create a Group Policy for that OU, and configure that
Policy to remove the things you want it to remove. For
example, "Remove all items from Desktop" I think is one of
the possible policy settings. Configure the Security of
that Policy to Apply for that particular user.
If you don't use AD, then I don't think you are going to
be able to do much more than change the security like you
already did.
 
Can't you simply remove all unwanted shortcuts? I routinely move all
unwanted shortcuts from the All Users Desktop and Start Menu to the
Administrators Desktop and Start Menu.

--
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
http://hem.fyristorg.com/vera/IT
--- please respond in newsgroup ---
 
Back
Top