restrict terminal users from installing web tool bars etc.

Status
Not open for further replies.
May 18, 2001
42
GB
Hi,

How do I restrict Windows users across terminal servers from installing web toolbars etc.?

I have seen the Local Security Policy -> Software Restriction Policies.

Has anyone done this before?

krischrist

 
I guess you would need to configure an administrative template. You can configure browser zone policies and restrict users from downloading and installing ActiveX components. That can be done by setting the corresponding policies, like 'Download unsigned ActiveX controls', 'Initialize and script ActiveX controls not marked as safe', 'Run ActiveX controls and plugins' and others contained in the Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\ folder in Inetres.adm. You can find additional info on security zones configuration here.

You can also define the 'Default risk level for file attachments' policy, located in the Administrative Templates\Windows Components\Attachment Manager\ folder within system.adm. To protect settings from being changed by users, you can set 'Disable the Security page', contained within the Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\ folder in the Inetres.adm administrative template.

Look at Administrative Templates\Windows Components\Terminal Services\ for additional settings for the terminal connection. There's also a nice document called Locking Down Windows Server 2003 Terminal Server Sessions over there.

We define the list of settings that should be applied to corresponding users when they work in the normal way and when they work with the Citrix farm with Desktop Authority. Normally we create standardized desktops, but sometimes minor changes are needed that differ based on connection type.
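
As an added example (not part of the thread and not the poster's own script): a PowerShell check, run inside a user's terminal server session, that reports whether the policies named in the answer above have taken effect for that user. The registry paths, value names and expected values are this example's assumptions about how those policies are stored per user (HKCU); verify them against your own ADM templates before relying on the result.

```powershell
# Added example: audit the per-user IE lockdown policies named in the answer.
# ASSUMPTION: the registry paths, value names and "Want" values below are this
# example's mapping of those policies; confirm them against Inetres.adm and
# system.adm. Only HKCU (user configuration) is checked.
$pol      = 'HKCU:\Software\Policies\Microsoft'
$lockdown = "$pol\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3"
$ctlPanel = "$pol\Internet Explorer\Control Panel"
$attach   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Associations'

# Zone actions: 0 = enable, 1 = prompt, 3 = disable.
# Attachment risk: 6150 = high, 6151 = moderate, 6152 = low.
$checks = @(
    @{ Policy = 'Download unsigned ActiveX controls';                            Path = $lockdown; Name = '1004';                Want = 3 }
    @{ Policy = 'Initialize and script ActiveX controls not marked as safe';     Path = $lockdown; Name = '1201';                Want = 3 }
    @{ Policy = 'Run ActiveX controls and plugins';                              Path = $lockdown; Name = '1200';                Want = 3 }
    @{ Policy = 'Disable the Security page';                                     Path = $ctlPanel; Name = 'SecurityTab';         Want = 1 }
    @{ Policy = 'Default risk level for file attachments (high assumed here)';   Path = $attach;   Name = 'DefaultFileTypeRisk'; Want = 6150 }
)

function Get-LockdownPolicyState {
    param([hashtable[]]$Checks)
    foreach ($c in $Checks) {
        # A missing key or value means the policy never reached this user.
        $actual = $null
        $item = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
        if ($item) { $actual = $item.($c.Name) }

        if ($null -eq $actual)         { $state = 'NOT CONFIGURED' }
        elseif ($actual -eq $c.Want)   { $state = 'OK' }
        else                           { $state = 'WEAKER THAN EXPECTED' }

        [pscustomobject]@{
            Policy   = $c.Policy
            Expected = $c.Want
            Actual   = $actual
            State    = $state
        }
    }
}

$report = @(Get-LockdownPolicyState -Checks $checks)
$report | Format-Table -AutoSize -Wrap

# Non-zero exit code lets a logon script or monitoring job flag the session.
$failed = @($report | Where-Object { $_.State -ne 'OK' })
if ($failed.Count -gt 0) { exit 1 } else { exit 0 }
```

Running it under both a normal desktop logon and a terminal session shows whether the GPO is scoped to the terminal server users as intended.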
 