Managing RDP through Group Policy

[telecomguy9]

Hi everyone. I put this in the client thread because I think that's where it should go based on what I'm trying to figure out. Let me explain. I have a friend who has a small business. He's running SBS 2003 and has all XP Pro sp3 workstations on the network. He has only 1 server. He has someone that needs to work from home (across the country) and he wants this person to RDP into a workstation at the office, not the server. That's why I put this post in this thread. I think this is where it should go, but feel free to move it if needed.Here's the rub. He has everyone sign non-disclosure agreements, which is great and all, but he wants to add another level of security by limiting what this person can do, as well as anyone else who may end up working from home, through RDP. He'd like to now allow bringing drives over through RDP (her local C: drive mapped to her session with the XP client on the other side of the country), nor printers, nor clipboard, etc. He basically doesn't want her to have the options you would normally have when RDP'd in. He wants it to be truly as if she's just sitting in the office in front of the client PC instead of being a few thousand miles away. Does that make sense?Anyway, I'm figuring we can accomplish all of this through Group Policy, but what I'm unsure of is if we want to edit the local group policy on the client PC or do it all through the server instead. He's really only focused right now on this one particular user and not the rest of the employee's. There are, however, 2 or 3 other employee's that do use RDP to work from home on occasion. These users are local to the area.What are your thoughts?

[crp]

I don't think you want RDP at all, but a VLAN connection.RDP is like a real long monitor cableVLAN is like a real long network cable

[rbdietz]

I don't think you want RDP at all, but a VLAN connection.RDP is like a real long monitor cableVLAN is like a real long network cable

Will VLAN make it possible to prevent Remote User from -

1. Using a camera to take screen shots of the monitor of the remote machine?(Total obvious answer, but included for consideration by telcomguy9 & friend. )
2. Taking screen shots via a program running in the background on the remote machine?
3. Saving files to a local drive on the remote machine?
4. Printing to a printer directly connected to the remote machine?

Assuming that VLAN allows Remote User one or more of the above actions, can VLAN make it possible for telecomguy9's friend to have a reasonable expectation of knowing that Remote User has executed the action?

[crp]

a little OT , but what name does microsoft use for the RDP log file?