Thanks Rick.


>Can't you just create a user group that doesn't have access on c:? Set up the group and add any users you want to RDP to that group. Then set permissions on the C: drive to disallow access to that group and remove any less granular mappings (like Users from the drive).
>
>I don't think that will make the drive invisible, but it will make it inaccessible. If you remove all users except admins and whatever users you allow on the top level C: mapping including directory read rights they won't see anything beyond the drive.
>
>+++ Rick ---
>
>>>>Can you please explain what file system permissions should be given or denied to users of a remote app. Also, what should and shouldn't be locked with AppLocker?
>>>
>>>
>>>Whitelist a filehash of the allowed apps; it's pretty painless. Then, if the user tries to fire up another app that's not approved, AppLocker will block it.
>>
>>Hi Brandon,
>>
>>We want to make all of c: drive invisible to the remote app user. Naturally, many files in c: drive as well as in the associated file server will need to be executed, read or written by executing programs even though they are invisible to the user. What NTFS rights correspond to this condition?
>>
>>Thank you very much for the help.
>>
>>Alex