Limit user capability on a XP pro client machine

By JamesVan

I am searching for a way to limit the functionality of a single client machine on a Server 2003 domain to the running of a SINGLE program for remote users. This machine will have Remote Desktop enabled, and allow the users, via Cisco Easy VPN, the ability to run a single program (i.e. Peachtree Accounting). The software "front end" will be loaded on the subject machine, with the "back end" or Company file on the server. Security/permission settings on the client and server will be set to allow the remote user server access to only the one folder with the Company data. However, I would like to take it a step further by disallowing the remote user the ability to do anything other than run the single program. The dedicated machine will be used for nothing else. Is there a way to accomplish this?

Thanks for any help/advice that may be offered.


Several ways to do this

by XT John In reply to Limit user capability on ...

If you are trying to limit their ability to run programs on the client computer, the simplest way to do this would be to create a user in your 2003 domain, with all the lockdowns set up in group policy, and have the user(s) of that machine sign in with that profile. There are several third-party software packages that lock down a machine. We use FGC's Fortress to lock access to the Start button, lock out the taskbar, disable right-clicking the desktop, block Ctrl+Alt+Del (preventing access to Task Manager) and allow access only to programs on the desktop. For the adventurous, there is Microsoft's Shared Access, which does the same things, but with a larger learning curve (but it is free). Third, you can lock down the client machine itself using group policy. The drawback of doing this is that the policies are in effect for the computer. No matter who logs onto that machine (even administrator), the policies are enforced.

Or are you trying to limit what they can do when connected to the server? Is the accounting program running on the server, and they are only seeing a 'screen shot' on their machine? Or are they accessing the data only on the server? We currently have 400 clients accessing us over terminal services (RDP), and can share some of the ways we've limited their access on the 2003 servers :)


More Detail

by JamesVan In reply to Several ways to do this

The specific scenario is this: The remote user would be running the Cisco Easy VPN Client software on their machine. They would establish a connection to my Cisco 871 router with a static IP address, using a user name and PW I have provided. Once the connection is established, they would fire up a remote desktop connection to the local IP address for a specific machine on my LAN. The remote user would then enter a user name and PW to take control of this computer as a limited user. At this point, I would like for the remote user to have only one option, that is, to run Peachtree Accounting. The program "front end" would be executed on this machine, with the "back end" on the server. As it is now, the remote user initiates the remote desktop session, after the VPN connection, and is able to do more than simply run the Peachtree Accounting program. I don't think this is a big risk, as I have security/permissions on the server for the subject computer and user set to allow access to only the one folder that has the "back end" for the Peachtree software. However, I would like it to be very cut and dry. When the remote user enters the user name and PW to start the remote desktop session, Peachtree Accounting starts. Likewise, when they exit Peachtree, the remote desktop session is terminated. The complexities of accomplishing this may not be worth the benefit, I don't know??? Thanks again for the help.



getting MSTSC to run a program

by nick In reply to More Detail

Under the settings on mstsc you can set it to run a specified program (i.e. Peachtree). It is under the Options tab and Program.
It's a cheaper way of doing it than buying Citrix, but the same will happen. The user logs on with their username and PW, it logs them on to the TS and immediately runs the program. As soon as they come out of the program they are logged out.
Hope that helps

Nick MCSE 2003 MCT


Easy Way

by tech In reply to More Detail

Microsoft Remote Desktop has an advanced feature button that will allow you to run a single program or script as soon as the connection is made to the host machine. You create the environment and save the file on the client computer. Upon closing of the said program, Remote Desktop will close as well. I use it very often with my clients.
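
The saved connection file that the two replies above describe, shown as an added example that is not part of the original thread. The host address, user name and program path are constructed placeholders; the real Peachtree executable path is not given on this page.

```text
full address:s:192.0.2.10
username:s:remoteuser
alternate shell:s:C:\Path\To\AccountingProgram.exe
shell working directory:s:C:\Path\To
```

This file is stored on the remote user's computer and can be edited there, so it sets the starting program but does not restrict the account; the group policy lockdown described earlier in the thread is what limits what the logged-on user can do.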
