How to lock down your Linux server

Similar Messages

• How to compile form in linux server

  Hi All:
  Any one can say how to compile form in linux server using form builder fmb.

  If you are talking about forms 10g then here is the method
  1) run x windows interface on your machine
  2) login to linux server
  $ export DISPLAY=<IP address of machine>:0.0
  $ frmcmp.sh module_type=form module=myform.fmb userid=user/password@connectstring compile_all=yes
  Regards
  Anuj

• HOW TO: Set up your application server to run BC4J

  How To set up your application server to run BC4J.
  INTRODUCTION
  A running BC4J application is actually the combination of:
  * Your own application files
  * BC4J runtime libraries
  In order to successfully run your BC4J application in local mode, the first requirement is
  that your application server contains the necessary BC4J libraries.
  This How To describes the steps required to ensure that you have a functional
  BC4J runtime environment installed on your application server.
  Oracle IAS 1.0.2 and Tomcat 3.1 will be used as examples.
  THE BC4J RUNTIME LIBRARIES
  Whatever application server you deploy to, the following libraries
  are required in the following order to be in the classpath.
  BC4J Libraries:
  xmlparserv2.jar
  jdev-rt.zip
  jbojdbcpatch.zip
  connectionmanager.zip
  jbohtml.zip
  jboimdomains.zip
  ordim817.zip
  ordvir817.zip
  ordhttp.zip
  jbomt.zip
  jbodomorcl.zip
  jboremote.zip
  jndi.jar
  jbodatum12.zip
  These libraries can be found in <JDEV_HOME>/lib/
  INSTALLING THE LIBRARIES ON IAS:
  Installing the libraries is simply a matter of copying them to the
  application server's filesystem and adding them to the classpath.
  IAS's classpath can be modified by editing the file:
  <IAS_HOME>\Apache\Jserv\conf\jserv.properties
  In this file you'll find the existing pre-installed BC4J libraries which
  looks like this:
  wrapper.classpath=<IAS_HOME>\Apache\BC4J\lib\ordvir817.zip
  wrapper.classpath=<IAS_HOME>\Apache\BC4J\lib\ordim817.zip
  etc.
  Note! These BC4J libraries correspond to JDeveloper 3.1.1.
  In order to run JDev 3.2 based applications you will have to update these libraries
  to JDeveloper 3.2 production.
  Steps:
  1. Copy (or FTP) the JDev 3.2 BC4J libraries from <JDEV_HOME>\lib to a NEW directory on the
  appserver's filesystem called:
  <IAS_HOME>\Apache\BC4J\newlib
  2. Modify the classpath by editing <IAS_HOME>\Apache\Jserv\conf\jserv.properties.
  Example: (modified classpath entries)
  # New 3.2 BC4J Runtime libraries
  wrapper.classpath=<IAS_HOME>\Apache\BC4J\newlib\xmlparserv2.jar
  wrapper.classpath=<IAS_HOME>\Apache\BC4J\newlib\jdev-rt.zip
  wrapper.classpath=<IAS_HOME>\Apache\BC4J\newlib\jbojdbcpatch.zip
  wrapper.classpath=<IAS_HOME>\Apache\BC4J\newlib\connectionmanager.zip
  wrapper.classpath=<IAS_HOME>\Apache\BC4J\newlib\jbohtml.zip
  wrapper.classpath=<IAS_HOME>\Apache\BC4J\newlib\jboimdomains.zip
  wrapper.classpath=<IAS_HOME>\Apache\BC4J\newlib\ordim817.zip
  wrapper.classpath=<IAS_HOME>\Apache\BC4J\newlib\ordvir817.zip
  wrapper.classpath=<IAS_HOME>\Apache\BC4J\newlib\ordhttp.zip
  wrapper.classpath=<IAS_HOME>\Apache\BC4J\newlib\jbomt.zip
  wrapper.classpath=<IAS_HOME>\Apache\BC4J\newlib\jbodomorcl.zip
  wrapper.classpath=<IAS_HOME>\Apache\BC4J\newlib\jboremote.zip
  wrapper.classpath=<IAS_HOME>\Apache\BC4J\newlib\jndi.jar
  wrapper.classpath=<IAS_HOME>\Apache\BC4J\newlib\jbodatum12.zip
  Note: Make sure to remove or comment out the existing 3.1.1 BC4J library entries!
  To see the changes, you must restart IAS and that's it, your IAS will be updated with
  the JDev 3.2 BC4J libraries which allow you to run BC4J Data Tags among other
  things!
  INSTALLING THE LIBRARIES ON TOMCAT
  As before, this process involves both the copying of the libraries
  and modifying the classpath.
  After copying the BC4J libraries to a path accessible from Tomcat,
  you can modify Tomcat's classpath by editing it's startup script:
  <TOMCAT_HOME>\bin\tomcat.bat (NT)
  <TOMCAT_HOME>\bin\tomcat.sh (Unix)
  Here is a portion of a modified tomcat.bat (on NT)
  rem Add BC4J libraries
  set CLASSPATH=%CLASSPATH%;D:\bc4j_lib\xmlparserv2.jar
  set CLASSPATH=%CLASSPATH%;D:\bc4j_lib\jdev-rt.zip
  set CLASSPATH=%CLASSPATH%;D:\bc4j_lib\jbojdbcpatch.zip
  set CLASSPATH=%CLASSPATH%;D:\bc4j_lib\connectionmanager.zip
  set CLASSPATH=%CLASSPATH%;D:\bc4j_lib\jbohtml.zip
  set CLASSPATH=%CLASSPATH%;D:\bc4j_lib\jboimdomains.zip
  set CLASSPATH=%CLASSPATH%;D:\bc4j_lib\or dim817.zip
  set CLASSPATH=%CLASSPATH%;D:\bc4j_lib\ordvir817.zip
  set CLASSPATH=%CLASSPATH%;D:\bc4j_lib\ordhttp.zip
  set CLASSPATH=%CLASSPATH%;D:\bc4j_lib\jbomt.zip
  set CLASSPATH=%CLASSPATH%;D:\bc4j_lib\jbodomorcl.zip
  set CLASSPATH=%CLASSPATH%;D:\bc4j_lib\jboremote.zip
  set CLASSPATH=%CLASSPATH%;D:\bc4j_lib\jndi.jar
  set CLASSPATH=%CLASSPATH%;D:\bc4j_lib\jbodatum12.zip
  rem Add Oracle JDBC library
  set CLASSPATH=%CLASSPATH%;D:\bc4j_lib\classes12.zip
  Note: I also added the Oracle JDBC library since Tomcat does not have it.
  It is found at:
  <JDEV_HOME>\jdbc\lib\oracle8.1.7\classes12.zip
  And That's It!
  When Tomcat is restarted using this script, the necessary BC4J libraries
  will be in the classpath..
  A follow up How To:"How To Deploy a BC4J JSP Application on IAS and Tomcat"
  will be posted shortly!

  I copied the following files in jserv classpath
  bc4jct.jar
  bc4jctejb.jar
  bc4jdomorcl.jar
  bc4jhtml.jar
  bc4jimdomains.jar
  bc4jmt.jar
  bc4jmtejb.jar
  bc4juixtags.jar
  collections.jar
  datatags.jar
  jdev-cm.jar
  regexp.jar
  share.jar
  uix2.jar
  cabo.war
  classes12.jar
  nls_charset12.jar
  ordim.jar
  ordhttp.jar
  runtime12.jar
  jdev-rt.jar
  xmlparserv2.jar
  bc4j_jclient_common.jar
  webapp.war
  I got this list from Jdev 9031 on-line help
  I also copied the new DataTags.tld file to /webapp directory
  When i run my jsp page i get this error..
  java.lang.NoClassDefFoundError: java/util/TimerTask
       at oracle.jbo.http.HttpContainer.findSessionCookie(HttpContainer.java:693)
       at oracle.jbo.html.jsp.datatags.ApplicationModuleTag.doStartTag(ApplicationModuleTag.java:148)
       at jspapp.odrjsp__html._menu._jspService(Compiled Code)
       at oracle.jsp.runtime.HttpJsp.service(HttpJsp.java:119)
       at oracle.jsp.app.JspApplication.dispatchRequest(Compiled Code)
       at oracle.jsp.JspServlet.doDispatch(Compiled Code)
       at oracle.jsp.JspServlet.internalService(Compiled Code)
       at oracle.jsp.JspServlet.service(Compiled Code)
       at javax.servlet.http.HttpServlet.service(Compiled Code)
       at oracle.portal.provider.v1.http.JspRenderer.renderBody(JspRenderer.java:116)
       at oracle.portal.provider.v1.RenderManager.render(RenderManager.java:164)
       at oracle.portal.provider.v1.http.ServletProviderResponse.showPortlet(Compiled Code)
       at oracle.portal.provider.v1.http.HttpProvider.dispatchProviderAction(Compiled Code)
       at oracle.portal.provider.v1.http.HttpProvider.service(Compiled Code)
       at javax.servlet.http.HttpServlet.service(Compiled Code)
       at org.apache.jserv.JServConnection.processRequest(Compiled Code)
       at org.apache.jserv.JServConnection.run(Compiled Code)
       at java.lang.Thread.run(Compiled Code)
  In the JDK 1.3 APi docs, i found that TimerTask was introduced only in JDK 1.3
  Does this mean that BC4J (in jdev 9031) will only work
  with JDK 1.3 or later?
  Thanks for your time.
  Harish

• How to install PEAR on Linux server

  Hi
  I have PHP installed on one linux server and developers are using it already. I have been given the task to get the oci8 (oracle connectivity) done on this same server. I can not do the reinstall of whole PHP again. During the install of OCI extention I got many errors for missing PEAR files.
  So I went through the PEAR document and found "php go-pear.php" command to install the PEAR package. This command fails with below error.
  download of http://pear.php.net/get/PEAR?uncompress=yes failed: Failed to parse address "" (0)
  The problem is this Linux box does not have direct internet connectivity so I had to download all the required packages as per go-pear.php on my local machine and I am FTPing them to this linux box. I have kept the "PEAR-1.8.1.tar" file in the same directory where go-pear.php file exists but still the above command tries to download it from internet.
  Could you please tell me how can I overcome this problem. Please let me know if there are any RPM's that I can use to install PEAR rather that "php go-pear.php" command.
  Thanks
  Shelly

  Hi CJ.
  It has been more than 4 weeks that I am strugling to get PHP-Oracle work on my system. You are the only hope right now. I have gone through so many articles and white pages that I am totally confused and starting to hate PHP or actually Suse Linux. :-)
  Below are the details of my system.
  more SuSE-release
  SUSE LINUX Enterprise Server 9 (i586)
  VERSION = 9
  PATCHLEVEL = 4
  rpm -qa php* No results
  rpm -qa ph* --No results
  rpm -qa oracle*
  oracle-instantclient-devel-10.2.0.4-1
  oracle-instantclient-basic-10.2.0.4-1
  * which php*
  */usr/bin/php*
  * php -version*
  PHP 4.3.4 (cli) (built: Jan 17 2008 09:55:23)
  Copyright (c) 1997-2003 The PHP Group
  Zend Engine v1.3.0, Copyright (c) 1998-2003 Zend Technologies
  This is what I see on my system
  */usr/bin> ls -l |grep php*
  -rwxr-xr-x 1 root root 100308 2008-01-17 05:03 asp2php
  -rwxr-xr-x 1 root root 1392441 2008-01-17 04:55 php
  -rwxr-xr-x 1 root root 684 2008-01-17 04:55 php-config
  -rwxr-xr-x 1 root root 593 2008-01-17 04:55 phpextdist
  -rwxr-xr-x 1 root root 2082 2008-01-17 04:55 phpize
  /usr/bin> whereis php
  php: /usr/bin/php /etc/php.ini /usr/lib/php /usr/include/php /usr/share/php /usr/share/man/man1/php.1.gzI see that PHP is already installed on my system which is version PHP 4.3.4.
  Question.
  1) Do i have to upgrade the PHP version to the latest to get OCI8 configured?
  2) If the answer to the above question is Yes than could you point me to any reference doc?
  3) If the upgrade is not needed, how can I configure PHP to use OCI8 to connect to database?
  Thanks in advance
  Shelly

• Question on how to lock down an iPad for demonstration in my store.

  I work for an Apple reseller and we have a few demo iPads. The are running the current apple supplied demo content but we have a problem. We have a guy who comes in here every day and downloads his own apps and sets all of the apps to Chinese. We can't use the built in restrictions because they are disabled on demo iPads.
  I was wondering if there is a way to keep people from downloading their own apps and from changing app settings. We have to restore them about 3 times a week and it is getting to be a hassle. I tried google to no avail.
  Thanks.
  ~Britton

  Take a look at this link, http://stackoverflow.com/questions/5011774/lock-down-iphone-ipod-ipad-so-it-can- only-run-one-app

• How to lock down "settings" on my ipod?

  I need to lock down my "settings" on my ipod. I don't want to merely block access to Safari, but I want to block access to the settings area of the ipod. I have found "folder lock" apps at the Apple store, but they seem to be predominantly aimed at hiding one's ****, which is not at all what I need. I found a number of apps that would be available if I wanted to jailbreak my ipod, which I don't want to do.
  Anyone have suggestions?

  Sorry, but you cannot lock the Settings in general. Only those items that appear in the Restrictions can be locked.
  Regards.

• How to lock down the ipad for employee use

  I would like to know if they is any app or something that I can use to lock the ipad down for small business use.
  The last thing I want is my employees checking their facebook on my ipads.

  What's the need for a business plan thousands of people buyt touch pads and computers every day and don't know how to use them. More or less they end up being paper weights. Beside the restrictions are instented to stop misuse. And who said he didn't have a business plan. the ipads replace pen and paper and so employee enter information directly into the server. This lets the employee be mobile and still do their work. It's being done in places all around the world.  Ipad is an computer for the most part.
  U going to tell me he should not use computers next?  Maybe he should enter track important information at all?
  it's funny how one question of how do I restrict access on an ipad turns into an inquisition.
  Name any major corporation that let's their employee do whatever they want on their computers?  Name a College?
  That's why these companies build in this security stuff any way. You are protecting your investment by taking the proper steps to make sure that the equiptment is not misused. Where do you work where your Boss let's you do whatever you want on his or her computer. Play games? Get viruses?
  You seem to making some kind of special assumptions because it's a ipad.
  Same this goes for printers, copying machines, and coffee machines. You never give people unlimited access to any thing unless you wan to call the service man 20 times a week.

• How to "lock" down a few clips at the end of a timeline

  I'm working on an edit and the last several clips have all been edited into place and timed perfectly. I'm working backwards from the end. How in the world can I keep those last several clips from moving? With the magnetic timeline every time I try to do anything they want to move. Even with the position arrow. I've put them in their own storyline but the still move. They are connected to the primary storyline as that's the main thing.
  Seems weird there is no way to lock them in place. Maybe I am just missing something.

  everything you pretty much do in FCPX wants to happen to the primary storyline
  This is just wrong.
  Otherwise I have to work to make things not happen in the primary storyline.
  Like every other editing application. Every one has a default video and audio track. It doesn't mean everything has to go on those tracks. It doesn't even mean most of your material has to go on those tracks. Yes, you have to do something to make edits to some other layer or storyline.
  We're not going to agree on this. I'll tell you how I think you should use the application, but you can use it however you like.

• OSX 10.9.4 - How to lock down OD

    We have a server running OP, for our network.  At this point, anyone can query the data without credentials (such as by using an app like LDAPManager).  Is there a way to require authentication to query OD?  This seems like it should be something rather basic to set up, but I've not found anything in the server about it.
     Thanks to anyone for fielding my noob questions...
  --Charles

  Not sure I understand the question but Apple's LDAP offering is based on OpenLDAP and queries made to database is read only. This is by design otherwise how would clients find and access the database without having the ability to transparently read from it? Making changes to the database does require authentication.
  Assuming a 'standard' OD with non-admin networked users logging onto bound workstations you can either not include such applications in the deployment image or if you need such applications to be used by admins limit its use with a managed preference using PM or MCX.
  If your users are all local admins devise an AUP that stops the use of such applications.

• Form validation from within composer - how to lock down admin forms??

  Hello we have many space admin level users who have the privilege to add content and remove it from their pages as they see fit, however when modifying pages from inside webcenter composer there is no validation on user input / error checking. This causes many problems with users entering things improperly, or even causing bugs (such as with content presenter - if you remove a file from UCM without removing it from the "add a file" template it will break the page).
  So my question is - how do I start adding form validation to all of these screens (such as those little wrenches in composer for a task flow, or customizable layout component)? Is there a way to customize form validation for all admin screens (space - manage all, app - administration, and composer screens)?
  Thanks,
  j

  Here is the custom validation script of your drop-down.
  Make sure you tick the option to commit the selected value immediately:
       var sNewSel = event.value;
       switch (sNewSel) {
         case "ProductNo1":
           this.getField("ItemDescription").value = "blah, blah";
           this.getField("Size").value = "blah, blah";
           this.getField("UnitPrice").value = "blah, blah";
           break;
       case "ProductNo2":
           this.getField("ItemDescription").value = "blah, blah";
           this.getField("Size").value = "blah, blah";
           this.getField("UnitPrice").value = "blah, blah";
           break;
       case "ProductNo3":
          this.getField("ItemDescription").value = "blah, blah";
          this.getField("Size").value = "blah, blah";
           this.getField("UnitPrice").value = "blah, blah";
           break;
       //etc.
  You will need to replace "ProductNoX" in the script with whatever your product numbers are in the drop down.
  You can also read MarkWalsh's script in this thread:
  http://forums.adobe.com/message/5578038#5578038
  I hope this helps.

• Locking down OS X Server firewall?

  The OS X Server firewall seems to be very powerful and I want to make sure I have it configured correctly. Because I don't know what some of the services do that were enabled by default, I'm wondering if I can turn everything off in the firewall except SSH and open up other services only as needed? Or would that break the server?

  > 'm wondering if I can turn everything off in the firewall except SSH and open up other services only as needed?
  That is the default. The server enables specific ports as needed, based on the services you're running. Therefore the active set of rules should be pretty tight.
  You can check the current settings by running:
  <pre class=command>sudo ipfw show</pre>
  If there are some allow rules there that you don't understand/expect, post them here, otherwise rest assured it isn't in Apple's interest to blindly open ports that are not necessary.

• How to change your Administration Server password when you're locked out

  How to change your Administration Server password when you're locked out
  The Netscape server products are all managed by a single administration
  server, which gives you a web forms-based interface you can use to
  configure them, start/stop them, check their logs, and so forth.
  <P>
  There are three levels of protection that keep the general public from
  being able to get into your administration server and mess up the
  configuration of any Netscape servers you have installed:
  <P>
  <OL>
  <LI> <B>Obscurity:</B> Your administration server can run on any port you'd
  like (usually something between 81 and 30,000), so if an attacker
  doesn't know what port to find your admin server on, he can't get
  into it.<P>
  <LI> <B>Host restrictions:</B> You can tell your admin server to only allow
  connections from specific hosts, and to reject all other hosts.
  <P>
  <LI> <B>Password protection:</B> Even if a user connects to your admin server
  from a valid host, he won't be allowed to get into even the first
  page unless he presents a valid username and password.
  </OL>
  <P>
  If you, the legitimate administrator of your web server, are unable to
  access the administration server (if you forgot your password or the
  admin port number or if you accidentally locked your own site out),
  then here is how to get past each of these levels of protection:
  <P>
  <OL>
  <LI> If you don't remember what port your administration server is
  running on, just look in your "ns-admin.conf" file, which is in
  the "admserv" directory under your Netscape server directory.
  (For 1.x web servers on Windows NT, run "regedt32" and go to the
  "HKEY_LOCAL_MACHINE\SOFTWARE\Netscape\Administration" section).
  You will see a "Port" entry there that specifies what port your
  admin server is on. You can change this value if you want your
  admin server to run on a different port, but make sure you restart
  the admin server after you change the value.
  <P>
  <LI> If your admin server is complaining "Unauthorized host" when you
  try to connect to it, then you can open it up to all sites by
  going into the "ns-admin.conf" file or the "Administration"
  section of your NT registry, as described above, and deleting the
  lines for "Hosts" and "Addresses" (either one of those might not
  be present) then restarting your admin server (on Unix run
  "stop-admin" then "start-admin"; on NT go into the Services
  control panel and stop/start the "Netscape Administration" or
  "Netscape Admin Server" service). You will then be able to get
  back into the admin server, where you can then try new settings
  for your host and address restrictions if you wish.
  <P>
  <LI> If you have forgotten the password to your admin server and now
  you can't log into your admin pages, all is not lost! Go into
  your "ns-home" directory, and into the "admserv" directory under
  that. You should find an "admpw" text file containing a simgle
  line of text, something like this:
  admin:lnOVeixulqkmU
  The first part of that line is the name of your admin account
  (usually just "admin"), and the second part is your admin
  password, encrypted. Edit this file to remove the encrypted
  password so that your file looks like this:
  admin:
  Then shut down your admin server, bring it back up again, and log
  into your admin server but don't give any password. It should let
  you in, at which point you can then go to the appropriate
  configuration page to set a new admin password, and then you're
  back in business.
  </OL><P>
  Note that because it is so easy to change the admin password this
  way, it's good to periodically make certain that your admin
  password file and your web server's configuration files are not
  left world-writable, and that only trusted people have access to
  them. (By default they're not world-writable, but it's good to
  make sure of this from time to time.)

  If you mean that yu forgo the password for yur encrypted backup then you can only:
  Warning: If you encrypt an iPhone backup in iTunes and then forget your password, you will not be able to restore from backup and your data will be unrecoverable. If you forget the password, you can continue to back up and use the device, however you will not be able to restore the encrypted backup to any device without the password. You do not need to enter the password for your backup each time you back up or sync.
  If you cannot remember the password and want to start again, you must perform a full software restore and when iTunes prompts you to select the backup from which to restore, choose set up as a new device.
  Above from:
  http://support.apple.com/kb/HT4946

• Would like to know how to Completely Lock-down Windows 7 OS

  I don't have a general question..
  It's more like specifics about how to lock down windows 7 computers..
  Here's a little background information...
  I have two computers, both with win 7(Pro, and home prem).
  A family member can somehow bypass all bios and all windows security services... Everytime I go to work or school, he will power on my desktop and somehow 'hack' into the OS and install keyloggers or viruses so he can obtain my banking or other personal information.
  He also unlocks and deletes all the passwords so he can have access whenever he wants..
  Can someone please tell me how to do a complete lockdown? This is getting extremely annoying.. I've done everything that I can do; Also considering on switching my major to some sort of computer security. I'm starting to lose my mind over these months.. All
  help is appreciated.
  I've password protected BIOS
  I've disabled administrator accounts, i've put password on the admin and the guest user; locked the option to change passwords..
  All help is appreciated. Thank you all in advance.

  Hi,
  If you are using Windows 7 Professional, Ultimate, or Enterprise, you can use the Local Group Policy Editor to change policies that affect the security of your computer. Please check if the following policies meet you requirements.
  [User Configuration\Administrative Templates\Windows Components\Windows Explorer]
  Enable these two polices:
  Prevent access to drives from My Computer
  Hide these specified drives in My Computer
  For your reference:
  Lock Down PCs with Windows 7:
  http://technet.microsoft.com/en-us/windows/gg983426.aspx
  Also, restrict Which Programs a User Can Run. You can set rules in AppLocker in the Group Policy Editor that prevents all programs from being run.
  In addition, temporarily Lock Your Computer if Someone Tries to Guess Your Password
  If you share your computer with other family members or allow your friends to use it, you should have a password on your Windows account so no one else can log into it. However, someone may try to guess your password and log into your account. If this happens,
  you can temporarily lock your computer.
  You should also periodically change your password.
  If you suspect, you family member using a tool to bypass your password. You may use Malicious Software Removal Tool (http://www.microsoft.com/security/pc-security/malware-removal.aspx)
  to remove it.
  Hope it helps.
  Regards,
  Blair Deng
  Blair Deng
  TechNet Community Support

• How do I lock down the wifi network?

  I just had fios installed today would like to upgrade the security to wpa or wpa2. Can someone please tell me the procedure on how to do this.
  Thanks, Geoff

  gpg wrote:
  I just had fios installed today would like to upgrade the security to wpa or wpa2. Can someone please tell me the procedure on how to do this.
  Thanks, Geoff
  There are 3 things you should do to "lock down" your network.
  1. Change the default administration password. The default is password or password1.
  2. Change the SSID and set to not broadcast.
  3. Set the security to WPA-psk or WPA2-psk and pick a password key.
  To do this, log in to the router by opening your internet program and type 192.168.1.1 in to the address bar. Type admin and the password into the login page. Once logged in, click on "wireless settings". Click on "basic settings". From there you can change the SSID and turn off WEP. Once that is done, click apply. Now click on "advanced settings".  From this page you can select your security type, set the password key (recommend a sentence that is easy to remember) and turn SSID broadcast off. You can also set mac filtering for extra security. When done click apply. You should be all set.
  "If your problem has been solved, please mark it as such. Don't forget to hand out your Kudos!"

• Locked down RDS Server

  Good morning,
   I followed this tutorial to lock down my RDS Server but I have one issue.
  http://www.it.ltsoy.com/windows/lock-down-remote-desktop-services-server-2012/
   When users are in an app they try to attach a file and explorer defaults to the c my documents. Is there a way to change it so it defaults to there network drive?
   Also, how can I have there local drives redirect to the RDS server?
  Thanks,
  Derek

  Hi Derek,
  Please disable the below policy setting and verify.
  Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection
  Do not allow drive redirection
  More information.
  Make Local Devices and Resources Available in a Remote Session
  https://technet.microsoft.com/en-in/library/cc770631.aspx
  Hope it helps!
  Thanks.
  Dharmesh Solanki
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]