From: "Jeff Vandervoort" jeffv at jrvsystems dot on 24 Mar 2010 11:14

They DEFINITELY will not have elevated permissions!

Restricting running from %USERPROFILE% & folder redirect location is worth considering. Interesting article on Symantec's forum about restricting apps in %AppData%, too.

https://www-secure.symantec.com/connect/articles/how-use-sep-protect-against-rogue-browser-helpers

SEP has a more granular solution than Group Policy, though I haven't looked into the WS2008 & R2 changes to this in Group Policy, which are supposed to be less of a PITA than the Win 5.x policies were.

All good things to consider as I set this up; thanks!

--
Jeff Vandervoort
JRVsystems
http://www.jrvsystems.com

"Rob" <nomail(a)example.com> wrote in message news:slrnhqjjbf.7or.nomail(a)xs8.xs4all.nl...
> Jeff Vandervoort <jeffv> wrote:
>> Considering setting up WS2008 R2 RDP which will host applications. My
>> preference is that if someone clicks a hyperlink in an e-mail app that it
>> opens the URL on the client computer's default browser, NOT on the RD
>> server. This will enable them to install FakeAV 2010 on their computer
>> instead of my mine<g>.
>
> What you can do is set up a software restriction policy that allows the
> users to only execute programs that you explicitly list, or only programs
> in directories that the users don't have write access to.
>
> (i.e. they can execute programs in %windir% and %ProgramFiles% but not
> in %UserProfile%)
>
> This means they cannot execute anything they have downloaded.
> Of course this only works when you don't give your users Admin or
> Power User permissions.
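
The path-based policy quoted above depends on no folder under the allowed roots being writable by ordinary users. The following PowerShell audit for that condition is an added example, not part of the thread; the list of principals and the two roots are assumptions taken from the quoted post and from default English-language group names.

```powershell
# Added example: list folders under the SRP-allowed roots in which a
# non-administrative principal can create files or subfolders.
# Assumption: the allowed roots are the two named in the quoted post.
$allowedRoots = @($env:windir, $env:ProgramFiles)

# Assumption: these built-in principals cover ordinary RD session users
# (names differ on localized Windows installations).
$userPrincipals = @(
    'BUILTIN\Users',
    'NT AUTHORITY\Authenticated Users',
    'NT AUTHORITY\INTERACTIVE',
    'Everyone'
)

# WriteData (create files) and AppendData (create subfolders), plus the raw
# GENERIC_WRITE and GENERIC_ALL bits that some ACEs carry unmapped.
$writeMask = 0x2 -bor 0x4 -bor 0x40000000 -bor 0x10000000
$inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

function Test-UserWritable {
    param([string]$Path)
    try { $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop }
    catch { return $false }   # ACL not readable by the auditing account
    foreach ($ace in $acl.Access) {
        # Deny ACEs are ignored, so this may over-report; review hits by hand.
        if ($ace.AccessControlType -ne 'Allow') { continue }
        # Inherit-only ACEs apply to children, not to this folder itself.
        if ($ace.PropagationFlags -band $inheritOnly) { continue }
        if ($userPrincipals -notcontains $ace.IdentityReference.Value) { continue }
        if (([int]$ace.FileSystemRights -band $writeMask) -ne 0) { return $true }
    }
    return $false
}

foreach ($root in $allowedRoots) {
    if (Test-UserWritable $root) { $root }
    Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.PSIsContainer -and (Test-UserWritable $_.FullName) } |
        ForEach-Object { $_.FullName }
}
```

Run it from an elevated session on the RD server; each path it prints needs either a tighter ACL or an explicit Disallowed path rule.
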
From: nospam on 16 Apr 2010 10:29

Hi,

You can use TSRemoteExec. Read here:

http://groups.google.com/group/microsoft.public.windows.terminal_services/browse_thread/thread/ed1221b21597f601/a27e53721a473c7a?hl=en&ie=UTF-8&q=how+TSRemoteExec

Regards
Thomas

"Jeff Vandervoort" <jeffv at jrvsystems dot com> wrote in message news: eGRLo4HyKHA.2552(a)TK2MSFTNGP04.phx.gbl...
> Considering setting up WS2008 R2 RDP which will host applications. My
> preference is that if someone clicks a hyperlink in an e-mail app that it
> opens the URL on the client computer's default browser, NOT on the RD
> server. This will enable them to install FakeAV 2010 on their computer
> instead of my mine<g>.
>
> My RDP experience is with WS2003, where this is not possible. Is it
> possible with WS2008 R2?
>
> If so, does it require a specific version of the RDP client for Windows?
> Mac?
>
> TIA
>
> --
> Jeff Vandervoort
> JRVsystems
> http://www.jrvsystems.com