Tuesday, March 05, 2013 5:34 PM
I have a Windows Server 2008 R2 installed on a server. I want certain users to connect to them automatically launch an application, So far so good.
The fact is that when you open the application at login, the desktop is not shown, but if you press the hotkey to Task Manager opens us well. Then run a new task, explorer.exe and Buala, already have access to the desktop and hard drive (though let us not delete anything). I want to not even have access to the hard drive, you can not do anything but to work with it.
I have seen that from the security policies can block level access to specific users or all hard drives, and you can disable hotkeys Task Manager. This "think" that would access it difficult (if not impossible, you never know). The fact is that these policies affect all users, including administrators who have potential. My question is then: How differentiate between them permission restrictions some basic users and administrators? I can not find how to divide, or is all or none.
Thanks in advance, Regards.
Tuesday, March 05, 2013 10:36 PM
is your Windows Server 2008 R2 a Domain Member ? If yes, then you have the flexibility of Domain's GPOs; otherwise if it's Workgroup Member you can use Local GPO only; but in this case the trick is to change %systemroot%\System32\GroupPolicy folder Security Permissions so Administrators won't be affected by Local GPO:
- Create new local Administrator to use to manage GPO (e.g. GPOAdmin)
- Deny access to %systemroot%\System32\GroupPolicy or %systemroot%\System32\GroupPolicy\Machine or %systemroot%\System32\GroupPolicy\User folder for Administrators (except GPOAdmin) = so they won't be affected by Local GPO
- Use new local Administrator created before to manage Local GPO by MMC
Give it a try...
Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
Thursday, March 07, 2013 12:01 PMPerfect! Something like that was what I needed. Luca thank you very much;)