So I have a Group Policy Object that I'm working on to tie down a Server 2008 terminal server. I need to use the GP Management Console version 1 because my DC's and domain are Server 2003. I am doing application streaming and the part that I'm trying to secure is the Save Dialog box. Currently the GPO is linked to a specific security group in which my test user is located and linked to the terminal servers OU which contains those servers.

I am able to block the local disks of the server when saving a file and by using Citrix policies I am able to bring over just their local disk C as "V" and their windows default printer. Printing is fine, what isnt working for me is the options to block "Entire Network", etc. in the group policy. When I go to save a file from Adobe Reader I can choose the "Network" icon and see all other computers and their respective shares on my domain, this wont cut it for a client utlized system and I'm at a loss as to what I'm doing wrong...

I was wondering if possibly the policy I'm creating isnt applying those pieces to the 2008 servers because there doesnt seem to be a "My Network Places" in Server 2008 anymore, instead it's just shortened to "Network" I also want to prevent the user somehow from seeing his own users folder in 2008 with all those subfolders (like downloads, music, pictures, etc.) and from saving items to the desktop on the server, just their V drive/local disk C on the client PC.


Comments, criticism, or suggestions are welcome