You can configure the security level for each user or group. There are three security levels:
The Windows Mode, where the user has access to a default Windows session.
The Secured Desktop Mode, where the user has no access to the Control Panel, programs, disks, browser, no right-click...: no access to the server resources. He just has access to documents, printers, Windows key and can disconnect his session.
The Kiosk Mode is the most secure one, where the user has very limited actions in his session.
In any mode, you have the possibility to customize the security on three levels:
Users/Groups rules priorities
When a user opens a new session on the server:
1) If this user has a Security Level directly defined for himself, then this Security Level is enforced.
2) If this user does not have a Security Level directly defined for himself, then RDS-Knight will load any existing Security Level settings for all the groups of this user, and keep the more permissive rules.
For instance if a first group has a rule to remove the Recycle Bin icon from the desktop, but this rule is disabled for a second group, then the user will have the Recycle Bin icon on his desktop. The same priority rules will apply on every custom rule (Desktop Security, Disks Control and Applications Control) as well as for the principal Security Level (the Windows Mode being considered more permissive than the Secured Desktop Mode, which is considered more permissive than the Kiosk Mode).