Hi guys, we've set up a 2x ApplicationServer on a Windows 2008 r2 Server with Terminalservices on, now ive wondered, how do YOU manage the NTFS rights in YOUR specific system? Do you leave it at standart values? Wich in wich specific directorys does a user need wich specific rights? How can I minimize a useres control over the terminalserver? Thans in advance.
Another best practice is to combine the 2X ApplicationServer with a profile management and/or lockdown tool for terminal services/remote desktop services. If you want to enhance the security the most easiest way in conjunction with terminal services and the 2X ApplicationServer you should publish only Applications to the user instead of full desktops and use the hide drive option (set this within the GPO or local registry of the TS/RDSH). This fixes the users quite nice to the applications that they need for their work.
