access deny Terminal Service Mapping Local computer hard disk(device)
如此可防止user將網路之file copy走
Configure settings for mapping client devices
Updated: January 21, 2005
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
To configure settings for mapping client devices
Using Group Policies (best practice)
1. Open Group Policy.
2. In Computer Configuration, Administrative Templates, Windows Components, Terminal Services, Client/Server data redirection double-click the specific setting for the feature you want to configure, and then click Enabled.
Important
· You should thoroughly test any changes you make to Group Policy settings before applying them to users or computers. For more information on testing policy settings, see Resultant Set of Policy.
· To disable the redirection of clipboard data between server and client in Terminal Services sessions, enable Do not allow clipboard redirection.
· To enable the redirection of audio data between the server and the client in Terminal Services sessions, enable Allow audio redirection. (Note that audio redirection is disabled by default in Terminal Server).
· To disable the mapping of client COM ports in Terminal Services sessions, enable Do not allow COM port redirection.
· To disable the mapping of client printers in Terminal Services sessions, enable Do not allow client printer redirection.
· To disable the mapping of client LPT ports in Terminal Services sessions, enable Do not allow LPT port redirection.
· To disable the mapping of client drives in Terminal Services sessions, enable Do not allow drive redirection.
· To disable specifying of the default client printer as the default printer in a Terminal Services session, enable Do not set default client printer to be default printer in a session. The client printer is designated as the default printer for a Terminal Services session.
Note
· Use the above procedure to configure the local Group Policy object. To change a policy for a domain or an organizational unit, you must log on to the primary domain controller as an Administrator. Then, you must invoke Group Policy through the Active Directory Users and Computers snap-in.
Note
- These policies affect every client that connects to the terminal server. To define client device settings on a per-user basis, use the corresponding policies under User Configuration.
Using Terminal Services Configuration
1. Open Terminal Services Configuration.
2. In the console tree, click Connections.
3. In the details pane, right-click the connection for which you want to configure client device mappings, and then click Properties.
4. On the Client Settings tab, under Disable the following, select the appropriate check boxes:
· Drive mapping to disable client-drive mapping. By default, Drive mapping is enabled (cleared).
· Windows printer mapping to disable client Windows printer mapping. By default, Windows printer mapping is enabled (cleared). When enabled, clients can map Windows printers, and all client printer queues reconnect at logon. However, when both LPT and COM port mappings are disabled, you will be unable to manually add printers. When Windows printer mapping is disabled (checked), clients are unable to map Windows printers and client printer queues are not reconnected at logon. However, you will be able to manually reconnect printers if LPT port mapping or COM port mapping is enabled (cleared).
· LPT port mapping to disable client LPT port mapping. By default, LPT port mapping is enabled (cleared). When enabled, client LPT ports are mapped for printing and are available in the port list of the Add Printer wizard. You need to manually create the printer to the LPT port using the Add Printer wizard. When LPT port mapping is disabled (checked), client LPT ports are not automatically mapped. You will be unable to manually create printers using LPT ports.
· COM port mapping to disable client COM port mapping. By default, COM port mapping is disabled (cleared). When enabled, client COM ports are mapped for printing and are available in the port list of the Add Printer wizard. You will need to manually create the printer to the COM port using the Add Printer wizard. When COM port mapping is disabled (checked), client COM ports are not automatically mapped. You will be unable to manually create printers using COM ports.
· Clipboard mapping to disable client clipboard mapping. By default, Clipboard mapping is enabled (cleared).
· Audio mapping to disable client audio mapping. By default, Audio mapping is disabled (checked).
Note
· To open Terminal Services Configuration, click Start, click Control Panel, double-click Administrative Tools, and then double-click Terminal Services Configuration.
Notes
- To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using Run as to perform this procedure. For more information, see Default local groups, Default groups, and Using Run as.
- Group Policy overrides the configuration set with the Terminal Services Configuration tool.
Information about functional differences
- Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. For more information, see Viewing Help on the Web.
沒有留言:
張貼留言