Windows 2012 R2 Standard Server with Windows 7 Remote Desktop Connection client of version 6.3.9600.
I would like to "lock-down" the configuration dealing with "what" a user who is able to RDP into a server is able to do and or have done. For example both devices (2012 Server and Windows 7 Client) are on the domain, when a person RDP's into a server I do not want their domain drives to map. Also a few other things like printers, etc.
I have modified the registry on the server:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp]
However the settings do not apply, as my drives still map when I make my connection.
I then modified keys in this location on the server:
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services]
With the same "non-applying" results. Any ideas? Thoughts? Advise?