W2K3 Terminal Server (sp1) clients and security

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Clients can not see local printers even though option for drives and printers
are ticked. The local drives are visible though. Printers are lpt /usb and
network. 2ndly, users can see the system drive (c:\) and all applications.
How do I restrict to E: drive only and maybe one application only for all
users except administrators (all).
 
Printers:
check the EventLog on the server to see if redirection is attempted
at all. If you see *no* events regarding printer driver creation,
check the settings on the TS (TS Configuration - rdp-tcp connection
- properties - client settings).
If you see warnings and errors about a missing printer driver, map
the client printers to a native driver.
If you see other warnings and errors in the EventLog, post them
here.

239088 - Windows 2000 Terminal Services Server Logs Events 1111,
1105, and 1106
http://support.microsoft.com/?kbid=239088

Restrict drives: use a Group Policy to hide the drives on the TS.
Note that hiding drives is just a cosmetic feature, users will
still have access to those drives, so you will need to use NTFS
permissions on the file system as well to lock your server down.

231289 - Using Group Policy Objects to Hide Specified Drives in My
Computer for Windows 2000
http://support.microsoft.com/?kbid=231289

Locking Down Windows Server 2003 Terminal Server Sessions
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/tech
nologies/terminal/trmlckd.mspx
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
 
Thanks for the reply. Drives hidden and also using NTFS permissions. Many
Thanks...Still have problems with printing. TS Svr has no events for
printing. TS configuration has 'enabled' client settings for
printers/drives/default to client main printer. Client XPP also has local
disk drive and printer 'enabled'. Please assist soones. Kind Regards.
 
If the EventLog shows *no* events regarding printers, it seems that
printer redirection is not attempted at all.

Ambi, can you check if these printers use a custom port on the
client, like DOT4? If so, check this:

302361 - Printers That Use Ports That Do Not Begin With COM, LPT,
or USB Are Not Redirected in a Remote Desktop or Terminal Services
Session
http://support.microsoft.com/?kbid=302361
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
 
Back
Top