Answer the question
In order to leave comments, you need to log in
Terminal/remote access to a computer?
I will try to formulate the question as precisely as possible. There is a computer with XP. Very rare and expensive software is installed on it. In a single copy, of course. It was decided to protect the computer from the maximum number of influences, put the system unit in a safe (well, or something like a safe). Now we need to make it so that users can work with it, but at the same time they cannot make any changes to the system, they cannot delete anything. Roughly speaking, read-only rights.
Can anyone suggest the best way to organize this?
Answer the question
In order to leave comments, you need to log in
It is better to put Server 2008 there, and organize work with the program through RemoteApp.
Put vncserver on the computer in a safe, to which you can set all the necessary settings. There are many such programs.
Let's say:
UltraVNC: www.uvnc.com/
Look towards steadystate from finely soft. It allows you to freeze the contents of partitions by caching changes in RAM. After the reboot, the changes are rolled back, and the config is saved on another partition.
If it is important to leave XP and some license violation is not scary, you can use the modified termserv.dll sig9.com/articles/concurrent-remote-desktop
perhaps a simple backup is enough ... buy yourself a thread from acronis and you will be happy.
but to make it so that the user does not have write permissions and at the same time ensure normal operation ... this is nonsense, however.
The easiest option is to give Guest rights.
But it won't solve all problems.
If everything is really that expensive and important there are hardware solutions.
Try creating a user with a limited account on the server and configure NTFS rights so that all files related to your program have this user read-only rights. Do not forget about the rights to the corresponding branches of the registry. As far as I remember, on Windows XP, the standard regedit does not allow changing permissions, so use regedt32. This solution will work for any connection method (radmin, RDP, VNC), provided that the user logs in with his account.
radmin + special driver from melkosoft to disable writing to disk after the system is configured.
As a result, a simple reboot of the machine brings it back to its original state.
www.flashboot.ru/News-article-25.html
In Windows XP, Windows Vista and Windows 7, it is possible to publish a separate application (similar to seamless mode or remoteapp), the so-called. RemoteApp for Hyper-V (although it is indirectly related to Hyper-V). You can use software restriction policy to enforce restrictions on running programs.
Of the limitations of this solution - no more than one remote connection.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question