If you're using Active Directory you can lock down a terminal session fairly well by applying the group policies descriibed here: http://support.microsoft.com/default.aspx?scid=kb;en-us;278295&Product=win2000. If you're using Windows Server 2003, you can also take advantage of Software Restriction Policies to prevent applications from executing without permission. For a simpler solution independent of the operating system and domain structure, there are also third-party products such as triCerat's Simplify Lockdown that hide applications unless you've explicitly enabled them to run in a session and prevent users from exploiting back doors to run unauthorized applications.
Dig Deeper on Windows systems and network management
Related Q&A from Christa Anderson
Expert Christa Anderson explains why it isn't possible to allow drive mapping with Windows 2000 Terminal Services. Continue Reading
Expert Christa Anderson suggests some third-party software producst that can help in using a scanner with Terminal Services. Continue Reading
Expert Christa Anderson advises how to map images on a network share for user on a terminal server. Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.