How to restrict RDP users to the desktop

(OP)
How can I restrict remote desktop users to just the server desktop? I don't want them to have the ability to use anything on the start menu, file explorer, the system tray, etc. Just the server desktop they log into and the icons placed there. Is this possible?

RE: How to restrict RDP users to the desktop

I don't know how to do that, but there's another product that may give you the end result you're looking for. Citrix has the ability to put the icons on the user's desktop. Then when they double click to run it, the app's user interface with all windows and dialog boxes displays on their workstation, but the app is actually running on the server using all of its resources. Kind of like remote desktop without the desktop.

Citrix is very mature technology. In fact Citrix was the solution for sharing desktops before Windows copied it as their RDP.

RE: How to restrict RDP users to the desktop

I lock down users by using Group Policy. You'll need to go through the various settings and remove various privileges. Create a Group Policy object and call it something like "Lockdown users". Set all the appropriate values to get as "locked-down" as you want and then assign that GPO to the users. It does take some work to do it, but you only have to do it once.
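An added example, not part of the post above: one way to script the "Lockdown users" GPO that reply describes, using the GroupPolicy PowerShell module. The OU path and security group name are hypothetical placeholders, and the policy values are a selection covering the Start menu, File Explorer and system tray items the question mentions.

```powershell
# Added example. Requires the GroupPolicy module (RSAT) and rights to create
# and link GPOs in the domain.
Import-Module GroupPolicy

$GpoName  = 'Lockdown users'                  # name suggested in the post
$TargetOU = 'OU=RDS Users,DC=example,DC=com'  # hypothetical OU holding the RDP users
$RdpGroup = 'RDP-Restricted-Users'            # hypothetical security group

$Explorer = 'HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$System   = 'HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$CmdPol   = 'HKCU\Software\Policies\Microsoft\Windows\System'
$AllDrives = 0x03FFFFFF                       # bitmask for drives A: through Z:

# User-side policy values, all REG_DWORD.
$Settings = @(
    @{ Key = $Explorer; Name = 'NoRun';                   Value = 1 }          # no Run dialog
    @{ Key = $Explorer; Name = 'NoStartMenuMorePrograms'; Value = 1 }          # no All Programs list
    @{ Key = $Explorer; Name = 'NoControlPanel';          Value = 1 }          # no Control Panel / Settings
    @{ Key = $Explorer; Name = 'NoTrayItemsDisplay';      Value = 1 }          # hide notification area
    @{ Key = $Explorer; Name = 'NoTrayContextMenu';       Value = 1 }          # no taskbar right-click menu
    @{ Key = $Explorer; Name = 'NoViewContextMenu';       Value = 1 }          # no Explorer right-click menu
    @{ Key = $Explorer; Name = 'NoDrives';                Value = $AllDrives } # hide drives in Explorer
    @{ Key = $Explorer; Name = 'NoViewOnDrive';           Value = $AllDrives } # block browsing those drives
    @{ Key = $System;   Name = 'DisableTaskMgr';          Value = 1 }          # no Task Manager
    @{ Key = $System;   Name = 'DisableRegistryTools';    Value = 1 }          # no regedit
    @{ Key = $CmdPol;   Name = 'DisableCMD';              Value = 1 }          # no command prompt
)

New-GPO -Name $GpoName -Comment 'Restrict RDP users to desktop icons' | Out-Null

foreach ($s in $Settings) {
    Set-GPRegistryValue -Name $GpoName -Key $s.Key -ValueName $s.Name `
        -Type DWord -Value $s.Value | Out-Null
}

# Apply only to the restricted group: Authenticated Users keep read access
# (needed for processing) but no longer apply the GPO.
Set-GPPermission -Name $GpoName -TargetName 'Authenticated Users' `
    -TargetType Group -PermissionLevel GpoRead -Replace | Out-Null
Set-GPPermission -Name $GpoName -TargetName $RdpGroup `
    -TargetType Group -PermissionLevel GpoApply | Out-Null

New-GPLink -Name $GpoName -Target $TargetOU -LinkEnabled Yes | Out-Null

# Review what was configured before users log on.
Get-GPOReport -Name $GpoName -ReportType Html -Path "$env:TEMP\lockdown-users.html"
```

These Explorer policies restrict the user interface only; an application launched from a desktop icon can still open file dialogs or spawn other programs, so an allow-list such as AppLocker is the usual companion control. Hiding every drive letter can also break Save/Open dialogs in published applications, so narrow the `NoDrives` mask if users need a data drive.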

RE: How to restrict RDP users to the desktop

I will come across like a complete arsehole, however, should you be doing this kind of thing without some knowledge of what you are doing?

How many users are you servicing with this server?

Apart from your original question, so many more are running through my mind with this environment. Spec of server vs number of users. Licensing. Apps like Office suite - then more licensing.

ACSS - SME
General Geek

RE: How to restrict RDP users to the desktop

I'm going to agree with Sambones on this one.

This sounds more like a Citrix XenApps solution, where you just "publish" the applications that you want users to have access to.

Plus, if you're just publishing the applications, you don't have the "full desktop overhead"

Just my $.02

"What the captain doesn't realize is that we've secretly replaced his Dilithium Crystals with new Folger's Crystals."

--Greg

RE: How to restrict RDP users to the desktop

Not sure why we'd necessarily need to go XenApps, when this (running specific apps on the remote server) can be done with built-in functionality - Remote Desktop Services and RemoteApps

RE: How to restrict RDP users to the desktop

strongm:

The way I usually explain it is this.

If you need a full remote desktop, then Windows Terminal Services is sufficient.

However, if you only want to publish one app, XenApps is the way. You don't have the overhead of the whole windows desktop running, and you can specifically publish the app to the user that you want them to use.

I'm not familiar with RemoteApps; if it's similar, then great. But if it loads a whole desktop, then XenApps is still the way to go.

You can, of course, give a user a whole desktop with XenApps as well. XenApps is also pretty good at load balancing over multiple servers.

Just my $.02

"What the captain doesn't realize is that we've secretly replaced his Dilithium Crystals with new Folger's Crystals."

--Greg

RE: How to restrict RDP users to the desktop

> if it's similar

Wouldn't have mentioned it otherwise.

>specifically publish the app to the user

As of W2K8 R2, yep

> load balancing
XenApps - and HorizonView - wins here

RE: How to restrict RDP users to the desktop

Windows Terminal Services, Web Access, is sufficient to publish Web apps, as many or as few as needed. This shows a 2012 setup, basically the same setup for the older Windows server operating systems.

https://www.thirdtier.net/rdweb-in-windows-server-...

Just using the RDP client to access a Windows server directly without the TS Gateway setup is a security risk. Allowing users to access your MAIN server is a security risk in itself, no less allowing access via port 3389 versus through port 443 (SSL).



........................................

"Computers in the future may weigh no more than 1.5 tons."
Popular Mechanics, 1949

RE: How to restrict RDP users to the desktop

Well, yes. RD Web Access is part of what I was referring to.

RE: How to restrict RDP users to the desktop

(OP)
Web Access is great for "in the office" users but for users who are out of the office then you need an SSL certificate to use remote apps on Windows 2019. I was trying to avoid that expense, if possible.

RE: How to restrict RDP users to the desktop

>for users who are out of the office then you need an SSL certificate

You need a cert just for both RD Web Access and RD Gateway - so just how are you exposing your remote desktop to users who are out of the office?

RE: How to restrict RDP users to the desktop

An SSL cert is going to run you $8/year at NameCheap. It certainly shouldn't be an expense you work very hard to avoid.

Yet I see people spending hours to avoid having to get one. My time is worth more than that.

It's relatively easy to use native Microsoft tools to publish a single app to a user in pretty much the same fashion XenApp does.

Dave Shackelford
ThirdTier.net

RE: How to restrict RDP users to the desktop

>It's relatively easy to use native Microsoft tools to publish

Quite so!
