Level Extreme platform
Subscription
Corporate profile
Products & Services
Support
Legal
Français
Remote Desktop
Message
From
24/10/2013 14:00:08
 
 
To
24/10/2013 13:29:48
General information
Forum:
Windows
Category:
Security
Title:
Environment versions
OS:
Windows Server 2012
Miscellaneous
Thread ID:
01586307
Message ID:
01586315
Views:
28
>>>Hi All,
>>>
>>>I'm not a networks expert or anything so forgive the ignorance. We have a remote desktop server running which allows users to access our program remotely via TS or Citrix style access. Our program allows a user to open files, such as a DBF file or a text file. I have found a security issue in that a user can use the standard windows File->Open dialog to navigate around the C drive and even go so far as going into the Windows sub-folder, into the System32 sub-folder, and then run the management console to see user login names and details! They can navigate into the Users folder to see what other users have access to the server. How can one prevent this or is that not possible?
>>>
>>>I cannot restrict users from the Windows sub-folder because I think they need that access in order to log on with Remote Desktop surely? I cant deny access to the Users folder for the same reason (although windows does prevent the user from accessing any specific user folder other than his own).
>>
>>If you have "frisky" users poking around, ultimately you're probably going to need to lock your TS down. Googling [terminal server lockdown] for your specific version should give you some ideas.
>
>Thanks Al. I have found a link under Group Policy to hide all server drives from user logins. That goes a long way to solving the problem. Will investigate further. Here is what I found: http://tinyurl.com/7e77jfr

You'll probably find this in your search for lockdown, but you can force TS to only run executable and close the TS session when its exited.

Chris.
Previous
Reply
Map
View

Click here to load this message in the networking platform