Remoteapp security issue

win 2012 r2 remote desktop services; deploy remoteapp security in mind.

i published couple of remoteapp, including excel. gave permissions , stuff restrict users following "least privilege" vision.

opened excel win7 client. turns out when saving file excel, if write "cmd" name file textbox, command line opens. same if write "control panel" or notepad or .. whatever want.

i wonder what's purpose of publishing remoteapp , fine tuning permissions when can use every application installed on  session host.

also, there isn't way hide local disks, network discovery pc, deny logon remote desktop on session host.... , on.

how can manage of above bit of security in mind ? understand have "fix" these issues combined set of tricks (logoff.exe custom shell, hiding disks registry, applocker integration ... ) .. if (and of course) forget ?

thanks suggestions.

hi,

i wonder what's purpose of publishing remoteapp , fine tuning permissions when can use every application installed on session host.

remoteapp has own benefits such can launched start menu other application, launched windows search.

for more details, here related article below you:

introducing remoteapp , desktop connections

http://blogs.msdn.com/b/rds/archive/2009/06/08/introducing-remoteapp-and-desktop-connections.aspx

also, there isn't way hide local disks, network discovery pc, deny logon remote desktop on session host.... , on.

to restrict users accessing local drives on rd session host, here article below you:

how restrict users accessing local drives of rd session host server while using remoteapp programs

http://blogs.msdn.com/b/rds/archive/2011/05/26/how-to-restrict-users-from-accessing-local-drives-of-an-rd-session-host-server-while-using-remoteapp-programs.aspx

best regards,

amy

---

please remember mark replies answers if , un-mark them if provide no help. if have feedback technet subscriber support, contact tnmff@microsoft.com.

Windows Server  >  Remote Desktop Services (Terminal Services)