Answer the question
In order to leave comments, you need to log in
I
I
Ivan Trofimov2016-03-28 10:03:37
Ivan Trofimov, 2016-03-28 10:03:37
How to protect information in Windows Server 2012 R2 when providing dsoutp to a single application over RDP (Remote App)?
Is it possible to somehow restrict a user's access to only one application via RDP on Windows Server 2012 R2, while not giving the user access to a remote file system? In theory, you can organize a RemoteApp, but it's not clear to me, when you open "Save as ..." will the FS of the remote machine be displayed, or the local one?
The second option: full RDP access, we prohibit copying via RDP, we leave only RDP traffic on the firewall.
What other options are there? You can use third party products.
2 answer(s)
@cbone
Remote FS will be displayed, local - if disk redirection is enabled on the client.
On the remote server, truncate the rights to user rights. Do not store any valuable information on the server - let it receive everything from other servers on the network in accordance with its rights, and the terminal server is only for remote access.
Access to applications is restricted if AD is deployed. Without AD - all applications are available, but you can:
1.do not configure Web access to applications so that users cannot see the full list of published applications;
2.Configure applications on the client manually (via rdp or msi files).
Then, in fact, the client will only have the application that you set up for him.
He, of course, can access other applications himself, but for this you need to have some skills in administration. Users, IMHO, should not have such skills, otherwise they need to be invited to work in the IT department.
R
res2001, 2016-03-28 @cbone
when you open "Save as ..." will the FS of the remote machine be displayed, or local?
Remote FS will be displayed, local - if disk redirection is enabled on the client.
On the remote server, truncate the rights to user rights. Do not store any valuable information on the server - let it receive everything from other servers on the network in accordance with its rights, and the terminal server is only for remote access.
Access to applications is restricted if AD is deployed. Without AD - all applications are available, but you can:
1.do not configure Web access to applications so that users cannot see the full list of published applications;
2.Configure applications on the client manually (via rdp or msi files).
Then, in fact, the client will only have the application that you set up for him.
He, of course, can access other applications himself, but for this you need to have some skills in administration. Users, IMHO, should not have such skills, otherwise they need to be invited to work in the IT department.
Similar questions
K
S
A
D
R
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question