Windows server management with Remote Desktop

When managing server rights with Remote Desktop, you can inadvertently prevent users from completing necessary tasks. See how to selectively manage user rights in this tip.

Question: We are using Remote Desktop in Windows Server 2003 for Windows server management. The current configuration of the application server allows all Remote Desktop users full control of the server, its files and its data. We want to limit the users' rights by removing their access to Windows Explorer and the DOS command prompt, but when they try to save a report setup within the application, they cannot browse the folders. How...

can we fix this? - Posed by a SearchWindowsSecurity.com reader.

Brad Dinerman's answer: The solution to this problem depends on the nature of the application that your Remote Desktop end users are running. If you create shares on the folders that contain the

Windows server management
Windows Small Business Server 2003 access management

Preview of NAP in Windows Server 2008

data and then map drive letters to them, the application may allow you to configure it to automatically open/save from that drive letter, bypassing the use of Windows Explorer.

Alternatively, you can configure a startup application in the Terminal Services Configuration administrative console.

  • Start the console and select the Connections node in the left pane.
  • In the right pane, double-click RDP-TCP to open its Properties sheet.
  • Select the Environment tab, and then click the third radio button, "Start the Following Program When The User Logs On."
  • Enter the full path to the program in the Program Path and File Name field, such as C:\Program Files\Microsoft Office\OFFICE11\winword.exe, and enter just the part in the Start In field, such as C:\Program Files\Microsoft Office\OFFICE11.
  • Click OK to save your changes.

The next time a user logs on to that Terminal (application) Server, he will see only the application that you've specified and will not be able to navigate around the server outside of that application.


This was first published in December 2007

Dig deeper on Microsoft Windows Server Provisioning

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchServerVirtualization

SearchCloudComputing

SearchExchange

SearchSQLServer

SearchWinIT

SearchEnterpriseDesktop

SearchVirtualDesktop

Close