Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations biv343 on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Terminal Services Security Configuration

Status
Not open for further replies.
ZartiTech

ZartiTech

IS-IT--Management
Apr 10, 2007
16
US
Hi All,

I have the need to setup a terminal services profile for an outsourced bookkeeping company and I have a few questions about securing it before they log in.

1) How do I prevent a user from being able to shut down or restart the server, but still log on and off terminal services?

2) In order for them to access quickbooks I think I have to give them administrator rights on the server itself, how do I prevent them from being able to access Active Directory & other admin tools?

3) Can I "turn off" internet explorer access so that they can't surf the web while logged into the server?

Any help would be greatly appreciated. Also, if you decide to help, please be specific. My knowledge of security and group policy setup is pretty thin.

Thanks,
Jon.

We're Running:
Microsoft Windows SBS 2003 with exchange & SQL.
 
Sort by date Sort by votes
Well by giving them admin rights its going to make this task very difficult to ensure you close all the doors. I would start by creating a new OU and putting this one specific user in the OU. Then i would create a new GPO and link it to that OU. I would start with a desktop and start menu redirection so they can only see the shortcut for quickbooks icon, then i would go through every option in the GPO and tighten the screws until only quickbooks can breath. Not an easy task but you can probably restrict them to point you are comfortable with but you will always have risk with this setup. The question is can you live with that risk?

RoadKi11
 
Upvote 0 Downvote
Ok. I'm a bit confused. OU means? GPO ... Group Policy?

Is there a way to only give them user or power user status and still have them access quickbooks?

 
Upvote 0 Downvote
An OU is an organizational unit or AD container, GPO is a group policy object. If you create a new OU and a new GPO for that OU and put the user in that OU then that GPO will only apply to that user. Im struggling to remember but i dont think you can run TS on an SBS server, with that said the only option you have(if you want to use a TS type connection) is to give them admin rights as they need to be a member of the administrators group in order to make a remote management connection.

RoadKi11
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Aquiles Vidal
  • Locked
  • Question
Web Browsers in Windows Server or Terminal Server
Replies
0
Views
546
Aquiles Vidal
Aquiles Vidal
DrB0b
  • Locked
  • Question
Terminal Server issues doing anything network related after RDPing into
Replies
3
Views
208
DrB0b
DrB0b
amanua
  • Locked
  • Question
Event ID 4776 Security Log
Replies
0
Views
175
amanua
amanua
UnpluggedFE
  • Locked
  • Question
Terminal Server Farm Desktop Shortcuts
Replies
1
Views
162
gbaughma
gbaughma
AndyH1
  • Locked
  • Question
Login and Reporting Services and sessions issue
Replies
0
Views
125
AndyH1
AndyH1

Part and Inventory Search

Sponsor

Back
Top