How can XP/VS Terminal Server limit a specific user to a single application at RDP login


TSX Application Control will allow server side access restrictions for remote applications.
As TSX Application Control is currently still under development you can use the following workaround in the mean time to define a fix application that should be started per user at RDP logon.

However, this application will be started with a fixed size instead of the Windows Desktop inside your RDP session, so it will not be a seamless Remote Application.
Seamless Remote Applications will only be available with TSX Application Control.

Step 1
Add this specific user to the administrators group so that he has sufficient rights to start gpedit.msc.
You can remove this user again from the administrators group later.

Step 2
Start gpedit.msc and enter the program you want to start at RDP logon for this specific user.
For details please see the attached screenshot.

Step 3
Log off and log on again as administrator. Then you can remove this specific user again from the administrators group


If you want to limit all users to start just one application by RDP-login, start the Group Policy Editor as administrator and configure that setting as described above. This setting overrides any configured entry in the rdp-client. And the Start Menu will not be displayed. When the user exists the program, he will be logged off automatically.


Please note !!!

This setting is available since Windows 7 (not for Starter/Home) and Windows Server 2008  !

Tags: Application Control, at login, limit all users, limit one user, RDP, restrict users, start single application