I have deployed Remote Desktop Services on Windows Server 2012 R2 and have published a number of apps which appear on the RD Web page. Because apps have been published, the full desktop option has been removed from the RD Web page.
Users that are allowed access to this RDS environment have been added to a security group created solely for RDS. This same group is therefore listed as a member of the Remote Desktop Users group in Local Users and Groups on the RDS Session Host.
Although the full desktop option has been removed from the RD Web page, users in the RDS security group are still able to open MSTSC and remote into the RDS server and therefore access a full desktop.
I would like to know if it is possible to prevent a user from using the Terminal Services client (MSTSC) to make a remote desktop connection to a full desktop on the RDS Server. I only want users to be able to access the RD Web page.
Thanks in advance for any help.