Problem: The first User wich connect to the 2012 R2 Remote Desktop Server map drives to a DFS root share (with "net use"). Every other User which login thereafter to this Remote Desktop Server will see this drive and is able to work on this NTFS-Drive with Admin Rights. The issue is that mappings from the first user on the system to a DFS root share are "inherited" by all future users that log onto the same system.
We use this command:
net use [drive letter:] [\\Domain\Namespace\dfs-folder] /PERSISTENT:NO
For Example:
net use h: \\microsoft.com\South\Data /persistent:no
The very big surprise was that the future Users on these 2012R2 RDS Servers are working within the inherited drive (DFS-R share on a Windows 2008R2 Server) with admin rights!
Please help, it seems to be a very big security hole in 2012R2! (Our similar 2008R2 RDS Servers and our similar 2003R2 TS Servers don't have this Problem.
Thank you in advance for every hint!
Patrick R.