Kelly,
I think the easiest way to do this is to setup thier rdp client to automatically open vantage. Once Vantage is closed the session will close. You get there by going to the Terminal Services Configuration - Connections - RDP-TCP and access the Environment tab. There you have to setup Vantage to be the initial app. From below, I am assuming that this is the only reason users access the terminal server.
Bruce Butler
Message: 5
Date: Mon, 29 Nov 2004 08:47:04 -0600
From: "Kelly Wendorff" <kelly.wendorff@...>
Subject: OT: How to lock down Terminal Server for Vantage Users? Windows 2003 Active Directory
We are upgrading to 6.1 and plan on using Terminal Server to run Vantage
(historically we have run the Vantage software on a server and users
connected through a local client install).
We will use the same server for the Vantage db and the terminal services
(we like the speed benefits from a single server)
We need to lock down the Terminal Server for users who log on to run
Vantage (ex: we want to lock down start menu, access to windows
explorer...etc.). Basically, we want to give users the ability to only
run Vantage and nothing else. We are doing this through group policy
(Windows Server 2003 AD) and it works fine. However, it locks down
EVERY user, including administrative users. Ideally, we'd like to have
3 separate groups - Admins with full access, Vantage Power users with
access to Practice Company and report builders and a Vantage user group
with access to Vantage only.
We are experimenting with WMI queries to limit the scope of the GPO.
Does anyone have any experience with this? Are we going down the right
path? If so, how would I right a query to apply to a single computer
and multiple users in a computer group?
Any help would be greatly appreciated...
TIA,
Kelly Wendorff
Cost Accounting
Steel Craft Corp
Hartford, WI
[Non-text portions of this message have been removed]
I think the easiest way to do this is to setup thier rdp client to automatically open vantage. Once Vantage is closed the session will close. You get there by going to the Terminal Services Configuration - Connections - RDP-TCP and access the Environment tab. There you have to setup Vantage to be the initial app. From below, I am assuming that this is the only reason users access the terminal server.
Bruce Butler
Message: 5
Date: Mon, 29 Nov 2004 08:47:04 -0600
From: "Kelly Wendorff" <kelly.wendorff@...>
Subject: OT: How to lock down Terminal Server for Vantage Users? Windows 2003 Active Directory
We are upgrading to 6.1 and plan on using Terminal Server to run Vantage
(historically we have run the Vantage software on a server and users
connected through a local client install).
We will use the same server for the Vantage db and the terminal services
(we like the speed benefits from a single server)
We need to lock down the Terminal Server for users who log on to run
Vantage (ex: we want to lock down start menu, access to windows
explorer...etc.). Basically, we want to give users the ability to only
run Vantage and nothing else. We are doing this through group policy
(Windows Server 2003 AD) and it works fine. However, it locks down
EVERY user, including administrative users. Ideally, we'd like to have
3 separate groups - Admins with full access, Vantage Power users with
access to Practice Company and report builders and a Vantage user group
with access to Vantage only.
We are experimenting with WMI queries to limit the scope of the GPO.
Does anyone have any experience with this? Are we going down the right
path? If so, how would I right a query to apply to a single computer
and multiple users in a computer group?
Any help would be greatly appreciated...
TIA,
Kelly Wendorff
Cost Accounting
Steel Craft Corp
Hartford, WI
[Non-text portions of this message have been removed]