- Secure Desktop is very likely to conflict with the security policies defined by Active Directory.
- Secure Desktop's primary purpose is to customize the user interface, not to apply access permissions. Its use should be combined with the Permissions feature to secure access to different drives.
You can configure the security level for each user or group.
There are three security levels:
- The Windows Mode, where the user has access to a default Windows session.
- The Secured Desktop Mode, where the user has no access to the Control Panel, programs, disks, browser, no right-click...: no access to the server resources. He just has access to documents, printers, Windows key and can disconnect his session.
- The Kiosk Mode is the most secure one, where the user has very limited actions in his session.
In any mode, you have the possibility to customize the security on three levels:
Users/Groups rules priorities
When a user opens a new session on the server:
- If this user has a Security Level directly defined for himself, then this Security Level is enforced.
- If this user does not have a Security Level directly defined for himself, then TSplus Advanced Security will load any existing Security Level settings for all the groups of this user, and keep the more permissive rules.
For instance if a first group has a rule to remove the Recycle Bin icon from the desktop, but this rule is disabled for a second group, then the user will have the Recycle Bin icon on his desktop. The same priority rules will apply on every custom rule (Desktop Security, Disks Control and Applications Control) as well as for the principal Security Level (the Windows Mode being considered more permissive than the Secured Desktop Mode, which is considered more permissive than the Kiosk Mode).
N.B : In order to disable the right click everywhere, you must select the following two options:
- Restrict Right Click
- Remove Context Menu