If you're using Active Directory you can lock down a terminal session fairly well by applying the group policies descriibed here: http://support.microsoft.com/default.aspx?scid=kb;en-us;278295∏=win2000. If you're using Windows Server 2003, you can also take advantage of Software Restriction Policies to prevent applications from executing without permission. For a simpler solution independent of the operating system and domain structure, there are also third-party products such as triCerat's Simplify Lockdown that hide applications unless you've explicitly enabled them to run in a session and prevent users from exploiting back doors to run unauthorized applications.
Dig Deeper on Microsoft Windows Systems and Network Management
Related Q&A from Christa Anderson
Expert Christa Anderson explains why it isn't possible to allow drive mapping with Windows 2000 Terminal Services. Continue Reading
Expert Christa Anderson advises how to map images on a network share for user on a terminal server. Continue Reading
Expert Christa Anderson offers some ideas for monitoring who is connecting to a terminal server, and when they are connecting. Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.