Discussion:
blocking access to explorer on a terminal server session
neo68
2006-02-28 17:16:29 UTC
I have configured group policy to lock down the terminal server on our
Windows 2003 server; however, if the user clicks Start > then double-clicks
"Programs" they are still able to access the explorer and "snoop" around.
Does anyone know of a way to deny access to the explorer? We are running an
old DOS application which prevents us from using the run a single application
feature (which I know would prevent a user from accessing anything on the
desktop - even a start menu).
Vera Noest [MVP]
2006-02-28 20:14:05 UTC
Use NTFS permissions on the file system to keep users out of sensitive
areas of the server disks. The default permissions on a 2003 server
should already do this, provided that you didn't give your users
elevated user rights, and that you installed Terminal Services in
"Full Security" compatibility mode.
Note that you would have to do this even if you defined a starting
application. It is relatively simple to access the file system from
within most applications.

_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
SQL troubleshooting: http://sql.veranoest.net
___ please respond in newsgroup, NOT by private email ___
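
Added example, not part of the original thread and not code from either poster: one way to check the NTFS permissions the reply above relies on is to list every Allow entry that a broad group holds on the folders you consider sensitive. The paths in `$SensitivePaths`, the group list in `$BroadGroups` and the function name `Get-BroadAccessEntry` are assumptions for illustration; it assumes PowerShell is installed on the server and is run by an administrator.

```powershell
# Folders ordinary Terminal Server users should not be able to browse.
# Hypothetical list: replace with the sensitive areas on your own disks.
$SensitivePaths = @(
    "$env:SystemRoot\System32\config",
    'D:\Payroll'                       # hypothetical data folder
)

# Principals that every interactive or remote user is a member of (assumed list).
$BroadGroups = @(
    'Everyone',
    'BUILTIN\Users',
    'NT AUTHORITY\Authenticated Users',
    'NT AUTHORITY\INTERACTIVE',
    'NT AUTHORITY\TERMINAL SERVER USER'
)

function Get-BroadAccessEntry {
    param(
        [string[]]$Path,
        [string[]]$Principal
    )
    foreach ($p in $Path) {
        if (-not (Test-Path -Path $p)) {
            Write-Warning "Path not found, skipped: $p"
            continue
        }
        $acl = Get-Acl -Path $p
        foreach ($ace in $acl.Access) {
            # Deny entries restrict access, so only Allow entries are findings.
            if ($ace.AccessControlType -ne 'Allow') { continue }
            # Keep only entries held by one of the broad principals.
            if ($Principal -notcontains $ace.IdentityReference.Value) { continue }
            New-Object PSObject -Property @{
                Path      = $p
                Identity  = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited   # True: fix the parent folder instead
            } | Select-Object Path, Identity, Rights, Inherited
        }
    }
}

# Any row in the output is an access path open to every logged-on user.
Get-BroadAccessEntry -Path $SensitivePaths -Principal $BroadGroups |
    Format-Table -AutoSize
```

An empty result means none of the listed groups has an Allow entry on those folders; entries granted to other groups the users belong to are not covered by this check.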