A
Alcksang
My company actually is a Application Service Provider which enable our
clients to logon to our systems through Terminal Servers to access our
Application.
Unfortunately, our Application need to have a 'File -> Open' function to
open some files for the Application.
Althought, we have used the GPO for Terminal Service to only allow the users
in just accessing the Application itself.
What I have found out is that, through this 'File -> Open' function, I can
easily navigate to 'Windows\System32' to activate the 'cmd.exe' command. From
here, then I can do whatever I want especially when there is a Administrator
account (some users need that better authority to some service).
May I know if there is any kind of ways in blocking our users in navigating
to the 'cmd.exe' command or simply to say, block them from accessing the
'System32' commands?
clients to logon to our systems through Terminal Servers to access our
Application.
Unfortunately, our Application need to have a 'File -> Open' function to
open some files for the Application.
Althought, we have used the GPO for Terminal Service to only allow the users
in just accessing the Application itself.
What I have found out is that, through this 'File -> Open' function, I can
easily navigate to 'Windows\System32' to activate the 'cmd.exe' command. From
here, then I can do whatever I want especially when there is a Administrator
account (some users need that better authority to some service).
May I know if there is any kind of ways in blocking our users in navigating
to the 'cmd.exe' command or simply to say, block them from accessing the
'System32' commands?