How can I restrict remote desktop users to just the server desktop? I don't want them to have the the ability to use anything on the start menu, file explorer, the system tray, etc. Just the server desktop they log into and the icons placed there. Is this possible?
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
How to restrict RDP users to the desktop 2
- Thread starter tviman
- Start date
-
1
- #2
I don't know how to do that, but there's another product that may give you the end result you're looking for. Citrix has the ability to put the icons on the user's desktop. Then when they double click to run it, the app's user interface with all windows and dialog boxes displays on their workstation, but the app is actually running on the server using all of its resources. Kind of like remote desktop without the desktop.
Citrix is very mature technology. In fact Citrix was the solution for sharing desktops before Windows copied it as their RDP.
Citrix is very mature technology. In fact Citrix was the solution for sharing desktops before Windows copied it as their RDP.
-
1
- #3
I lock down users by using Group Policy. You'll need to go through the various settings and remove various privileges. Create a Group Policy object and call it something like "Lockdown users". Set all the appropriate values to get as "locked-down" as you want and then assign that GPO to the users. It does take some work to do it, but you only have to do it once.
hairlessupportmonkey
IS-IT--Management
I will come across like a complete arsehole, however, should you be doing this kind of thing without some knowledge of what you ware doing?
How many users are you servcing with this server.
Apart from your original question, so many more are running through my mind with this environment. Spec of server vs number of users. Licencing. Apps like Office suite - then more licencing.
ACSS - SME
General Geek
How many users are you servcing with this server.
Apart from your original question, so many more are running through my mind with this environment. Spec of server vs number of users. Licencing. Apps like Office suite - then more licencing.
ACSS - SME
General Geek
- Moderator
- #5
I'm going to agree with Sambones on this one.
This sounds more like a Citrix XenApps solution, where you just "publish" the applications that you want users to have access to.
Plus, if you're just publishing the applications, you don't have the "full desktop overhead"
Just my $.02
"What the captain doesn't realize is that we've secretly replaced his Dilithium Crystals with new Folger's Crystals."
--Greg
This sounds more like a Citrix XenApps solution, where you just "publish" the applications that you want users to have access to.
Plus, if you're just publishing the applications, you don't have the "full desktop overhead"
Just my $.02
"What the captain doesn't realize is that we've secretly replaced his Dilithium Crystals with new Folger's Crystals."
--Greg
- Moderator
- #7
strongm:
The way I usually explain it is this.
If you need a full remote desktop, then Windows Terminal Services is sufficient.
However, if you only want to publish one app, XenApps is the way. You don't have the overhead of the whole windows desktop running, and you can specifically publish the app to the user that you want them to use.
I'm not familiar with RemoteApps; if it's similar, then great. But if it loads a whole desktop, then XenApps is still the way to go.
You can, of course, give a user a whole desktop with XenApps as well. XenApps is also pretty good at load balancing over multiple servers.
Just my $.02
"What the captain doesn't realize is that we've secretly replaced his Dilithium Crystals with new Folger's Crystals."
--Greg
The way I usually explain it is this.
If you need a full remote desktop, then Windows Terminal Services is sufficient.
However, if you only want to publish one app, XenApps is the way. You don't have the overhead of the whole windows desktop running, and you can specifically publish the app to the user that you want them to use.
I'm not familiar with RemoteApps; if it's similar, then great. But if it loads a whole desktop, then XenApps is still the way to go.
You can, of course, give a user a whole desktop with XenApps as well. XenApps is also pretty good at load balancing over multiple servers.
Just my $.02
"What the captain doesn't realize is that we've secretly replaced his Dilithium Crystals with new Folger's Crystals."
--Greg
Windows Terminal Services, Web Access, is sufficient to publish Web apps, as many or as few as needed. This shows a 2012 setup, basically the same setup for the older Windows server operating systems.
Just using the RDP client to access a Windows server directly without the TS Gateway setup is a security risk. Allowing users to access your MAIN server is a security risk in itself, no less allowing access via port 3389 versus through port 443 (SSL).
........................................
"Computers in the future may weigh no more than 1.5 tons."
Popular Mechanics, 1949
Just using the RDP client to access a Windows server directly without the TS Gateway setup is a security risk. Allowing users to access your MAIN server is a security risk in itself, no less allowing access via port 3389 versus through port 443 (SSL).
........................................
"Computers in the future may weigh no more than 1.5 tons."
Popular Mechanics, 1949
- Thread starter
- #11
ShackDaddy
MIS
An SSL cert is going to run you $8/year at NameCheap. It certainly shouldn't be an expense you work very hard to avoid.
Yet I see people spending hours to avoid having to get one. My time is worth more than that.
It's relatively easy to use native Microsoft tools to publish a single app to a user in pretty much the same fashion XenApp does.
Dave Shackelford
ThirdTier.net
Yet I see people spending hours to avoid having to get one. My time is worth more than that.
It's relatively easy to use native Microsoft tools to publish a single app to a user in pretty much the same fashion XenApp does.
Dave Shackelford
ThirdTier.net
- Status
Similar threads
- Question