Users will be provided with an error message even if they use the UNC path to access the drives. The primary reason to remove Favorites and Libraries and access to drives is because they contain mostly accessed locations on a system, so in the case of the RD Session Host server, this includes the desktop, downloads, recent places, etc.
It is recommended that a user not save any documents to these locations. You must perform these modifications on the RD Session Host server. You can use the Registry to make these changes.
Note: Back up the key first and take ownership of the ShellFolder before changing the value of Attributes. By enabling these settings you can ensure that users do not inadvertently access data stored on other drives, or delete or damage programs or other critical system files on drive C.
Office Office Exchange Server. Not an IT pro? I had the same problem. Enable loopback processing. All users who log on to the Terminal Server are then restricted by user-based policies as defined by the locked down GPO, regardless of the OU the user is located in.
This can prevent many local changes from being applied to the Terminal Server; however, the server can still be remotely maintained. If administrators need access to the Terminal Server, log off all users and temporarily restrict their logons to the Terminal Server.
Move the Terminal Server computer object out of the locked down OU, then log on. Return the Terminal Server computer object to the locked down OU, and re-enable user logins after maintenance is complete. This implementation does not require users to have multiple user accounts. It can also prevent configuration changes to the Terminal Server while it is in production. If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem.
Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended. Please note: Do not post advertisements, offensive material, profanity, or personal attacks. Please remember to be considerate of other members. All submitted content is subject to our Terms Of Use. We are in the process of configuring a terminal services on MS Server 03 and I thought I would ask for some knowledgable input Do you think that applying local security policy to remove unwanted items control panel, run, etc From what I've seen, this locks down admin access as well, which I really would like to have.
This method however seems to be applying restrictions on all computers the user logs into - something we only want to do on the server.
All in all, I am looking for the balance between locking down the interface but still being able to admin the box as needed. Any ideas? Is anyone using a different method to secure terminal services?
Share Flag. All Answers. Collapse -. User affects?
0コメント