Setting permissions for Terminal Services applications

Permission issues you should consider when enabling Applications Sharing mode in Terminal Services.

When enabling Terminal Services in Applications Sharing mode, you will be asked to select a permission level for

users of Terminal Services. If you select Permissions Compatible with Windows 2000 Users, you will have the most secure settings, but some legacy application will not run. These legacy applications might need access to registry and file locations to which Windows 2000 users do not have access. If you need to ensure the capability to use legacy applications, choose Permissions Compatible with Terminal Server 4.0 Users.

Users logged on using the RDP client are automatically members of the implicit Terminal Services Users local group. To control Terminal Services users, control this group. This group is already restricted. They cannot install applications or invoke the Windows installed. The Windows installed is sometimes used to install missing parts of applications. Because the Terminal Services Users local group cannot involve the Windows installed, users cannot install missing parts of applications. Terminal Services users, therefore, unlike normal Windows users, cannot install any kind of application on the Terminal Server.

For more information, visit these other resources:
This was first published in January 2001

Dig deeper on Storage Area Network (SAN) Management for Windows



Enjoy the benefits of Pro+ membership, learn more and join.



Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: