Locking down remote desktop using AD GPO

Posted by Brettski on Server Fault See other posts from Server Fault or by Brettski
Published on 2010-06-02T18:42:25Z Indexed on 2010/06/02 18:55 UTC
Read the original article Hit count: 255

Filed under:

windows-server-2003

|

remote-desktop

|

terminal-services

I am currently locking down a companies remote desktop access via a VPN. What I need to do is disable remote printing, file transfer and clipboard via active directory for the workstations that will be accessed. I am having trouble figuring out which GPO's are used to restrict this.

My basic approach is to restrict VPN users to port 3389 so the will be able to access their work computers remotely but nothing else (I will look into layer 7 scanning later). With this I want to ensure they are unable to transfer and data via files, printing or the clipboard.

The environment is Windows Server 2003

© Server Fault or respective owner

Related posts about windows-server-2003

Rotate monitor to portrait on Windows Server 2003 with ATI card

as seen on Super User - Search for 'Super User'
Does anyone know if it is possible to rotate a monitor from landscape to portrait mode on Windows Server 2003 32-bit with an ATI video card? According to Dell's site, I should be able to rotate my Dell P2310H monitor by installing drivers from their website, but they don't have drivers for Windows… >>> More
Windows Server 2003 Trial Activation Issue

as seen on Server Fault - Search for 'Server Fault'
I have a Windows Server 2003 (R2 Enterprise with SP2) VM, originally installed with a trial license. We forgot about the server, and now more than 120 days has passed, and I can't do anything with the server. I seem to be at a dead end with the existing installation. When I log in, I get: The… >>> More
Windows Server 2003 can't see Vista machine

as seen on Server Fault - Search for 'Server Fault'
Hi there, I've got a real PITA problem that I'm sure has a really simple solution. I have a Windows Server 2003 machine that needs to be able to see the network name of a Vista box - but refuses to. It can see the Vista box (and even access its shared folder) if I enter the Vista box's IP address… >>> More
Windows server 2003 default administrator password

as seen on Stack Overflow - Search for 'Stack Overflow'
Sorry if this is an overly simplistic question, but I'm a bit stuck here. :) I need a windows machine for me to do some programming for class. Since I have my Macbook with me everywhere I go, I figured that it would be easiest to install a vm. And since I can get a copy of Windows server 2k3 for… >>> More
Windows Server 2003 - Handling hundreds of simultaneous downloads

as seen on Server Fault - Search for 'Server Fault'
At the moment I have a single server with 4 1TB hard disks, daily I haver over 150 MP3 music files uploaded (around 80mb each). At busy periods there is over 300 people streaming / downloading these mixes all at once, 75% of the activity is on the most recently uploaded stuff which is all on a single… >>> More

Related posts about remote-desktop

Identify remote desktop client software and OS when user logs into Windows 2008 R2 Remote Desktop

as seen on Server Fault - Search for 'Server Fault'
We would like to detect what devices & what programs users are using to connect to the Windows 2008 R2 Remote Desktop. In particular, we would like to have an ability to detect the remote devices such as iPads, iPhones & Androids, identify the software used and allow these connections only… >>> More
Can't Remote Desktop to server after rebooting via Remote Desktop

as seen on Server Fault - Search for 'Server Fault'
When I reboot a Windows 2003 or Windows 2008 server via a Remote Desktop connection, the server comes back up and will not accept any RDP connections: the RDP client errors out with "Connection Refused." The Terminal Services service is running on the server and restarting it has no effect. No errors… >>> More
VNC client not working -- Not able to see the changes happening on the other side

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
Here is the Problem: I have two computers connected in the same LAN. I am trying to access one computer from another using Remote Desktop Viewer, I am able to see the remote desktop. But when i click on any thing or perform any action, I dont see the result but the action is performed on the remote… >>> More
Snow Leopard doesn't repair permissions, despite showing / saying its fixed them?

as seen on Super User - Search for 'Super User'
Sometime ago, I used carbon copy as I was replacing my hard drive in my Mac Mini running Snow Leopard. Afterwards, on my new drive I had some permission problems. I've tried several times running a repair permissions / repair disk from disk util. It shows that there are problems and I think it says… >>> More
How to Access a Windows Desktop From Your Tablet or Phone

as seen on How to geek - Search for 'How to geek'
iPads and Android tablets can’t run Windows apps locally, but they can access a Windows desktops remotely — even with a physical keyboard. In a pinch, the same tricks can be used to access a Windows desktop from a smartphone. Microsoft recently launched their own official Remote Desktop… >>> More