General discussion


Restrict exes for domain user on 2003 server (remote desktop)

By truwarrior22 ·
I have one user who has to log onto a 2003 server inorder to run an specific program that can only be ran on the server.

If there a way I can have the domain user beable to connect to the 2003 with remote desktop then beable to run just that one application?

Just don't want the user to accidently shut down the server, delete something, change any server settings, etc.

Thanks for any help! This ones got me stumped

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -


by BFilmFan In reply to Restrict exes for domain ...

What is this program that has to be run from a server that this user is using?

And are we discussing a member server or a domain controller?

Collapse -

by truwarrior22 In reply to Suggestion

It's a domain controller. The application is a timekeeper administration tool.

Collapse -


by BFilmFan In reply to

If this program HAS to run on a domain controller then a Domain Admistrator should be the one running it.

Or you should set up a service account and have that account have permissions to run the program.

Letting an end user loose on your domain controllers is the equivalent of sticking black powder in your ears, pouring gasoline on your head and wearing dynamite underwear. Not going to be too long before something blows up...

Collapse -

by mariosred In reply to Restrict exes for domain ...

You can follow the microsoft's recommendation for lockdown servers. You can search for the whitepapers on this subject.
If you are running Active directory, this can be done by implementing a Group Policy procedure and provide your users with limited access.

Collapse -


by jbaker In reply to

I would do this anyway, it is simply the smart thing to do.

Also, set the remote desktop session to open the application automatically, and clean off the the desktop in the user's profile to reduce the chance of "accidental" problems.

Collapse -

by bijay In reply to Restrict exes for domain ...

You can do it at server level by specifying either at RDP level on the Terminal Server if you are sure on RDP, the users will be accessing only a single application, or set at User level on Environment tab of the Users in the active directory User property. At PC level, but less secure, you may also mention it in the TS client Connections tab the particular executable to be executed.

Collapse -


by nick In reply to Restrict exes for domain ...

You could setup a rdp session on the said user's desktop to point ONLY to a certain program on said 2003 Server. Open up a new RDP connection, click the Programs tab (2nd one from the right), check the "Start the following program on connection" located at the top. Next line down fill in the entire path for the program that is needed to be ran then the next line down, put only to the folder level.

I hope that helps,


Related Discussions

Related Forums