![]() ![]() Now that you know that any user authorized to use a RemoteApp program can also easily connect to an entire Windows Server session, it makes sense to minimize the available interface on that server to prevent your user from walking around too easily on the server. redirect only the default client printer : to limit the number of devices to redirect.This avoids the installation of additional printer drivers on your server. force your server to use the Easy Print driver for all redirected printers.disable client printer redirection by enabling this policy : Do not allow client printer redirection.To avoid installing too many drivers and prevent your users from trying to install a malicious printer driver (which is complicated to create, but they exist), you can : Plug-and-Play devices : to not redirect USB keys (which can be infected) and other Plug-and-Play devices. ![]() drives : to prevent your users from copying server data to one of their physical PC partitions and to avoid infecting your server with a virus on the client PC.the clipboard : to block the copy/paste that everyone knows.Then, to better secure your session host server and also avoid theft of data by a simple copy/paste, you can for example deny the redirection of : To prevent you from being logged out because of a user, we recommend that you enable the "Deny log off of an administrator logged in to the console session" policy found in : Computer Configuration -> Policies -> Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Connections. This may also happen to you if users attempt to reconnect because of an automatic logout (due to insufficient licenses). If there are not enough, some users will be disconnected automatically when the following ones connect. In fact, for RDS users to be able to connect, there must be enough Client Access Licenses (CALs) on the license server of your RDS infrastructure. To begin, we will enable a strategy that will avoid bad jokes when you try to troubleshoot a server where the number of CALs would be insufficient. Secure your session host server with group policies (GPO)
0 Comments
Leave a Reply. |