hamidja
Enthusiast
Enthusiast

Prevent horizon RDSH User from remote desktop to other systems

Jump to solution

Hi

I need to isolate my horizon RDS users so I want they couldn't  remote desktop to other systems after they connect to RDS server. also we need they couldn't use and see other system share but a Z drive that I map to them. I am using Horizon 2006 and windows server 2019.

Thank you in advance

Labels (1)
0 Kudos
1 Solution

Accepted Solutions
rogal7
Enthusiast
Enthusiast

I think you can:

- block port 3389 (outbound) on a firewall

- remove C:\windows\system32\mstsc.exe or at least rename it or set advanced permissions so non-admins users are not able to execute the file

- set AppLocker policy: https://social.technet.microsoft.com/wiki/contents/articles/5211.how-to-configure-applocker-group-po...

View solution in original post

1 Reply
rogal7
Enthusiast
Enthusiast

I think you can:

- block port 3389 (outbound) on a firewall

- remove C:\windows\system32\mstsc.exe or at least rename it or set advanced permissions so non-admins users are not able to execute the file

- set AppLocker policy: https://social.technet.microsoft.com/wiki/contents/articles/5211.how-to-configure-applocker-group-po...