Hi
I am running a few RDS servers on separate Server 2008 R2 VM's. These servers are not linked in any way and are not part of any domain, they are just setup on workgroups.
I have locked down the systems using Local group policy for Non- Administrators, and this is working fine. There is one loophole however that I have found in this setup and that is the ability for a user to open an explorer window and in the address bar type SHELL:SYSTEM. This gives the user direct access to the system32 folder. the user can then traverse up in the directory structure and have access to all system files. How do i stop this.
I have disabled other variables such as %appdata% , Hidden all drives from the users, removed access to Task Manager and the RUN command. Access is blocked when using all option in Internet Explorer.
Is this only possible in Domain environment or am i just missing something, I have been searching for weeks and am now at a dead end.
Thanks in advance for any help
Grant