No announcement yet.

How to restrict a user to only run MSTSC

  • Filter
  • Time
  • Show
Clear All
new posts

  • How to restrict a user to only run MSTSC

    Hello All,

    I would like to know if it is possible to restrict a user to only be able to run the mstsc program.
    I don't want the user to run any other program, I don't want her/him to see any files, save any files, do nothing. I just want her/him to RDP into another computer and do everything there.

    Any assistance appreciated.

  • #2
    Re: How to restrict a user to only run MSTSC

    Is there not an option to run a program at logon so the user never sees the explorer shell?

    Check some of the posts here about "kiosk mode"
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    IT Trainer / Consultant
    Ossian Ltd

    ** Remember to give credit where credit is due and leave reputation points where appropriate **


    • #3
      Re: How to restrict a user to only run MSTSC

      You can change the default shell (Windows Explorer) to MSTSC for the users. in Registry: HKEY_..._...\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
      You can configure this with a GPO (However if you like edit the key in HKEY_Current_User instead of changing the value in HKLM you will need to use GPP or, create a custom adm to configure the shell in the 'user configuration' part).

      By creating the key in HKCU (it'll it will take precedence over the default setting in HKLM) you have the option to exclude users or groups (i.e. Domain Admins) for the GPO:

      Additionally, you may also like to Enable the policy: "Remove Run from Start Menu" (btw this policy also prevents the user to start programs via taskmanager)

      (essentially the same thing but more advanced solution here:

      Last edited by Rems; 21st August 2013, 16:05.

      This posting is provided "AS IS" with no warranties, and confers no rights.


      ** Remember to give credit where credit's due **
      and leave Reputation Points for meaningful posts


      • #4
        Re: How to restrict a user to only run MSTSC

        Hello, I would consider purchasing a thin client. They are relatively cheap and would help in your situation.
        Please remember to award reputation points if you have received good advice.
        I do tend to think 'outside the box' so others may not always share the same views.

        MCITP -W7,
        MCSA+Messaging, CCENT, ICND2 slowly getting around to.