Hi all,
I am working on security compliance task that requires that users who connect to RDS servers not be able to browse active directory under any circumstances, and they showed me that the user can browse AD by going to print from any application and then click on find printer and then things get uglier from there until they can actually see the domain and the OUs and what not.
I disabled the find printer button with a GPO, but I am not sure this is enough, because I am sure there are lots of other ways for them to access to browse AD. I am still working on it and researching left and right but thought to post this question in hope of an expert on this matter to point me in the right direction to remediate this security matter.
Some info about the infrastructure:
All servers are windows server 2008 r2
Forest and domain functional level 2008 r2.
I really appreciate any help or comments.
Thanks in advanced.
Mohsen Almassud