Windows server management with Remote Desktop

Question: We are using Remote Desktop in Windows Server 2003 for Windows server management. The current configuration of the application server allows all Remote Desktop users full control of the server, its files and its data. We want to limit the users' rights by removing their access to Windows Explorer and the DOS command prompt, but when they try to save a report setup within the application, they cannot browse the folders. How can we fix this?
- Posed by a SearchWindowsSecurity.com reader.

Brad Dinerman's answer: The solution to this problem depends on the nature of the application that your Remote Desktop end users are running. If you create shares on the folders that contain the

Requires Free Membership to View

Windows server management
Windows Small Business Server 2003 access management

Preview of NAP in Windows Server 2008

data and then map drive letters to them, the application may allow you to configure it to automatically open/save from that drive letter, bypassing the use of Windows Explorer.

Alternatively, you can configure a startup application in the Terminal Services Configuration administrative console.

  • Start the console and select the Connections node in the left pane.
  • In the right pane, double-click RDP-TCP to open its Properties sheet.
  • Select the Environment tab, and then click the third radio button, "Start the Following Program When The User Logs On."
  • Enter the full path to the program in the Program Path and File Name field, such as C:\Program Files\Microsoft Office\OFFICE11\winword.exe, and enter just the part in the Start In field, such as C:\Program Files\Microsoft Office\OFFICE11.
  • Click OK to save your changes.

The next time a user logs on to that Terminal (application) Server, he will see only the application that you've specified and will not be able to navigate around the server outside of that application.

This was first published in December 2007

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.