R
Richard
Hi
We have a Windows SBS 2003 Server hosting all our company's applications and
files. Access is managed on the local domain via the Active Directory. For
some time, I have been remotely accessing the server via Terminal Services
without any problems, but I have been wary of unleashing this facility to
users because of the apparently unlimited access they have to the contents of
the server.
Specifically, all our users from Directors down, have their own shared
folder on the server where they can store all their sensitive documents etc.
These folders are restricted access shares on the domain, so that only the
correct users can access them & map drives to them etc. The trouble is that
when someone logs on via Terminal Services and navigates to the local drives
on the server, they can access all files and folders, right down to the
restricted shared folders.
I've tried hiding the local drives in Windows Explorer via GPEdit.msc, but
despite the drives being hidden, if the Terminal Services user types in "C:"
in the Address bar in Windows Explorer, they can still see and browse through
the contents of that drive.
What I really want to do is only grant access to the local drives on the
server to specific idividuals who log on remotely. Anybody who doesn't have
access granted should be prevented from viewing local drives completely. The
situation is slightly more complicated because I DO want remote users to be
able to double click on icons on their desktop to run applications that are
installed on the server.
Can anyone offer me any insight as to how I might achieve this?
Many thanks in advance,
Richard Hotchkin.
We have a Windows SBS 2003 Server hosting all our company's applications and
files. Access is managed on the local domain via the Active Directory. For
some time, I have been remotely accessing the server via Terminal Services
without any problems, but I have been wary of unleashing this facility to
users because of the apparently unlimited access they have to the contents of
the server.
Specifically, all our users from Directors down, have their own shared
folder on the server where they can store all their sensitive documents etc.
These folders are restricted access shares on the domain, so that only the
correct users can access them & map drives to them etc. The trouble is that
when someone logs on via Terminal Services and navigates to the local drives
on the server, they can access all files and folders, right down to the
restricted shared folders.
I've tried hiding the local drives in Windows Explorer via GPEdit.msc, but
despite the drives being hidden, if the Terminal Services user types in "C:"
in the Address bar in Windows Explorer, they can still see and browse through
the contents of that drive.
What I really want to do is only grant access to the local drives on the
server to specific idividuals who log on remotely. Anybody who doesn't have
access granted should be prevented from viewing local drives completely. The
situation is slightly more complicated because I DO want remote users to be
able to double click on icons on their desktop to run applications that are
installed on the server.
Can anyone offer me any insight as to how I might achieve this?
Many thanks in advance,
Richard Hotchkin.