>>>Hi All,
>>>
>>>I'm not a networks expert or anything so forgive the ignorance. We have a remote desktop server running which allows users to access our program remotely via TS or Citrix style access. Our program allows a user to open files, such as a DBF file or a text file. I have found a security issue in that a user can use the standard windows File->Open dialog to navigate around the C drive and even go so far as going into the Windows sub-folder, into the System32 sub-folder, and then run the management console to see user login names and details! They can navigate into the Users folder to see what other users have access to the server. How can one prevent this or is that not possible?
>>>
>>>I cannot restrict users from the Windows sub-folder because I think they need that access in order to log on with Remote Desktop surely? I cant deny access to the Users folder for the same reason (although windows does prevent the user from accessing any specific user folder other than his own).
>>
>>If you have "frisky" users poking around, ultimately you're probably going to need to lock your TS down. Googling [terminal server lockdown] for your specific version should give you some ideas.
>
>Thanks Al. I have found a link under Group Policy to hide all server drives from user logins. That goes a long way to solving the problem. Will investigate further. Here is what I found: http://tinyurl.com/7e77jfr

You'll probably find this in your search for lockdown, but you can force TS to only run executable and close the TS session when its exited.

Chris.