Results 1 to 3 of 3
  1. #1
    3 Star Lounger
    Join Date
    Dec 2001
    Location
    Atlanta, Georgia, USA
    Posts
    276
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Thumbs up

    Hi everyone. I put this in the client thread because I think that's where it should go based on what I'm trying to figure out. Let me explain. I have a friend who has a small business. He's running SBS 2003 and has all XP Pro sp3 workstations on the network. He has only 1 server. He has someone that needs to work from home (across the country) and he wants this person to RDP into a workstation at the office, not the server. That's why I put this post in this thread. I think this is where it should go, but feel free to move it if needed.

    Here's the rub. He has everyone sign non-disclosure agreements, which is great and all, but he wants to add another level of security by limiting what this person can do, as well as anyone else who may end up working from home, through RDP. He'd like to now allow bringing drives over through RDP (her local C: drive mapped to her session with the XP client on the other side of the country), nor printers, nor clipboard, etc. He basically doesn't want her to have the options you would normally have when RDP'd in. He wants it to be truly as if she's just sitting in the office in front of the client PC instead of being a few thousand miles away. Does that make sense?

    Anyway, I'm figuring we can accomplish all of this through Group Policy, but what I'm unsure of is if we want to edit the local group policy on the client PC or do it all through the server instead. He's really only focused right now on this one particular user and not the rest of the employee's. There are, however, 2 or 3 other employee's that do use RDP to work from home on occasion. These users are local to the area.

    What are your thoughts?

  2. #2
    WS Lounge VIP
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    8,162
    Thanks
    47
    Thanked 976 Times in 906 Posts
    Fire up gpedit.msc on the computer you want to control and go to Computer Config > Admin Templates > Windows Components > Terminal Services > Client/Server data redirection.
    This won't prevent the user performing a print screen on their local computer and printing that, so it doesn't really fix the problem - you have to trust your staff.

    I would make sure you have a VPN / encrypted connection to the office as well, you don't want plain data sent over the internet.

    cheers, Paul

  3. #3
    3 Star Lounger
    Join Date
    Dec 2001
    Location
    Atlanta, Georgia, USA
    Posts
    276
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Thanks for the information. That's exactly what I needed to know. I'll check it out and see what the options are. I'll get back to you to let you know how it works.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •