This project has moved and is read-only. For the latest updates, please go here.

Windows Terminal Server non-administrator local mounts

Topics: Users Discussion
Apr 15, 2016 at 7:23 AM
Can terminal server users mount their own containers to SAME driver letter in their own non-admin terminal sessions ? As I see, if user mounts container to X: , everybody gets X: in their sessions. Is it possible to separate ? Using Windows 2003 R2 32-bit server.
Apr 15, 2016 at 9:21 AM
You will have to pick up free drive letter. Only way how to prevent other users from accessing your mounted data on a shared system is using proper ntfs permissions. 1. Take ownership of your mounted drive and 2. set you as the only user who has full controll (delete others). Other users will see the letter, but they will be unable to access it. Remeber, that administrators can take ownership and get to your mounted data anyway.

Can you run virtual machine in your session? That could be the solution to your problem, but administrators can always kick you out, hijack your active session and get to your data.
Apr 18, 2016 at 10:43 AM
Terminal Server users must use their own CRYPTO keys. Veracrypt seems very much fits for this to be a secure container.
Production APP wants to pick up these crypto keys from A:
So:
  • A: contents must be unique for one user session only
  • And It's preferable, to place secure containers on server side (it's hard to copy it from that server)
This plan crashed because of total visibility of mounted A: to everyone