3

I have linux clients that connect to my Windows Server 2008 using xfreerdp.

The clients have a single folder that is redirected to the Windows server and this works fine.

My question is if there is a way on the Windows server to make the tsclient folder read-only, so that users can copy from and open the pdf documents in their Windows session, but can't delete or copy to the folder.

EDIT:

The best I can come up with is to do this on the linux clients,

mkdir $HOME/foo mount --bind /foo /foo-share; mount -o remount,ro /foo-share

joshu
  • 791
  • 3
  • 12
  • 28

2 Answers2

1

There isn't a way to do this within RDP via policy/setting/regkey/etc. The only option is to either enable or disable drive redirection, which doesn't really solve your issue.

Like you say, the only real workaround is to change the rights the user has on the client side to those drives/folders/mounts.

The RDP session treats it as if whatever rights you had on those devices/drives before you connected will be the same as when you connect and get them redirected.

Another alternative would possibly be to not allow drive redirection (disabled on the server side) and put all of the PDFs you are referring to in a read-only folder on the server or another drive mapping upon login/RDP.

TheCleaner
  • 32,627
  • 26
  • 132
  • 191
  • The reason for the local folder is to allow local scanning. So users scan locally and the scanned documents are saved as PDFs say $HOME/scanned_docs. To get the documents on Windows in their session I need to redirect that folder, but to prevent users copying files from Windows to their local linux system that's what I'm trying to do. – joshu Jul 30 '13 at 14:06
  • Understood. Doing what you are doing by creating a RO mount of that folder and then allowing that to be the redirected drive mount is the only way I can think of as well. – TheCleaner Jul 30 '13 at 14:39
0

Why can't you just adjust the permissions for the folder in the windows share? Login as domain admin or local admin to the windows box, then adjust who has security access to the share and edit the settings to where it's read-only? They would still be able to view and copy the files out of the share, and it wouldn't allow them to paste or over write the data when they attempt to push the file back?

user182030
  • 31
  • 3
  • 6
  • Because it's not a windows share, but a local share on the linux client. I don't get any permissions settings for tsclient on Windows. – joshu Jul 30 '13 at 18:55