Limit Windows Remote Desktop users' server rights

We are using Remote Desktop in Windows Server 2003 for server management. The current configuration of the application server allows all Remote Desktop users full control of the server, its files and its data. We want to limit the users' rights by removing their access to Windows Explorer and the DOS command prompt, but when they try to save a report setup within the application, they cannot browse the folders. How can we fix this?

The solution to this problem depends on the nature of the application that your Remote Desktop end users are running. If you create shares on the folders that contain the data and then map drive letters to them, the application may allow you to configure it to automatically open/save from that drive letter, bypassing the use of Windows Explorer.

Alternatively, you can configure a startup application in the Terminal Services Configuration administrative console.

  1. Start the console and select the Connections node in the left pane.
  2. In the right pane, double-click RDP-TCP to open its Properties sheet.
  3. Select the Environment tab, and then click the third radio button, "Start the Following Program When The User Logs On."
  4. Enter the full path to the program in the Program Path and File Name field, such as C:\Program Files\Microsoft Office\OFFICE11\winword.exe, and enter just the path in the Start In field, such as C:\Program Files\Microsoft Office\OFFICE11.
  5. Click OK to save your changes.

The next time a user logs on to that Terminal (application) Server, he will see only the application that you've specified and will not be able to navigate around the server outside of that application.
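
A read-only way to confirm that the setting from steps 1 to 5 took effect, as an added example that is not part of the original answer. It assumes the Environment tab stores its settings in the RDP-Tcp listener registry key under the value names fInheritInitialProgram, InitialProgram and WorkDirectory, and that the configured program path carries no command-line arguments; Test-RdpStartupProgram is a hypothetical helper name.

```powershell
# Added example: read-only check of the RDP-Tcp listener's startup program.
# Assumption: the Environment tab stores its settings under this key in the
# values fInheritInitialProgram, InitialProgram and WorkDirectory.
$ListenerKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

# Test-RdpStartupProgram is a hypothetical helper name, not a built-in cmdlet.
function Test-RdpStartupProgram {
    param([string]$Path = $ListenerKey)

    $cfg = Get-ItemProperty -Path $Path -ErrorAction Stop
    $findings = @()

    # 0 = use the listener's program; anything else defers to the user
    # profile or the client, so the restriction is not enforced here.
    if ($cfg.fInheritInitialProgram -ne 0) {
        $findings += 'Startup program is inherited from the user profile or client.'
    }

    if ([string]::IsNullOrEmpty($cfg.InitialProgram)) {
        $findings += 'No startup program is set on the listener.'
    } else {
        # Assumption: the value is a bare path with no command-line arguments.
        $exe = [Environment]::ExpandEnvironmentVariables($cfg.InitialProgram).Trim('"')
        if (-not (Test-Path -LiteralPath $exe -PathType Leaf)) {
            $findings += "Startup program not found: $exe"
        }
        # The goal on this page is to keep users out of Explorer and the command prompt.
        $name = [IO.Path]::GetFileName($exe)
        if (@('explorer.exe', 'cmd.exe', 'command.com') -contains $name) {
            $findings += "Startup program is a shell: $name"
        }
    }

    if (-not [string]::IsNullOrEmpty($cfg.WorkDirectory)) {
        $dir = [Environment]::ExpandEnvironmentVariables($cfg.WorkDirectory).Trim('"')
        if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
            $findings += "Start In folder not found: $dir"
        }
    }

    New-Object PSObject -Property @{
        InitialProgram = $cfg.InitialProgram
        WorkDirectory  = $cfg.WorkDirectory
        Enforced       = ($findings.Count -eq 0)
        Findings       = $findings
    }
}

Test-RdpStartupProgram | Format-List
```

An empty Findings list with Enforced set to True means the listener itself pins the session to the configured program rather than deferring to per-user or client settings.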

This was first published in October 2007