Here is our current situation: I have set up Remote Desktop Services on Server 2012 R2 and published RemoteApp programs. Everything works great with load balancing, collections, etc... and I have been very impressed. However, as it always has been an issue,
I have always had the question of how to allow users to access RemoteApp applications on the session host without allowing them to RDP directly onto the server to access the server desktop. Obviously, you have to add them to remote desktop users group and
they need to be allowed to access over RDP so I figure that the next best thing is to restrict access to the desktop should they manually type the name into an RDP client connection. I know you couldn't restrict them from using mstsc.exe because they need
that to open the RemoteApp since it just uses RDP and I am aware of using GPO's to restrict access to drives and many other things but I would like to remove the desktop altogether. Would it be plausible to remove the GUI feature and restrict access to CMD
and SCONFIG through Server Manager and still allow the session host to present RemoteApp applications or is there a better way to approach this? I figured if I just remove the GUI and access to cmd and sconfig then if they logged on, they would get a blank
screen. Thank you in advance for your time!
↧