Users Browsing Network from Terminal Server

I have three Windows 2008 terminal servers, all fully patched. My environment
is pretty well locked down on the terminal servers but I discovered a very
odd issue today. Some users can open the shortcut to My Computer on the
terminal desktop, and are able to browse the entire network including other
servers from there. Only a few users can do it, and I cannot find a common
thread that is causing this to be possible. I have looked through Security
Groups, and searched Active Directory and Group Policy Management for rules
that may be allowing this but I'm coming up short. Users should not be able
to browse the network at all from the terminal servers. Can someone point out
a GP rule that could be allowing this for these users?

Hello:

Unless someone has an answer, have you tried running the GPO Resultant Set
of Policy against the different users to compare their settings? If this is
indeed caused by different GPO settings, you should be able to pinpoint the
setting.

--
Regards,
M
MCTS, MCSA
http://SysAdmin-E.com

"SeriousSam" <(E-Mail Removed)> wrote in message
news:A48BFC1E-0376-4699-90DA-(E-Mail Removed)...
>I have three Windows 2008 terminal servers, all fully patched. My
>environment
> is pretty well locked down on the terminal servers but I discovered a very
> odd issue today. Some users can open the shortcut to My Computer on the
> terminal desktop, and are able to browse the entire network including
> other
> servers from there. Only a few users can do it, and I cannot find a common
> thread that is causing this to be possible. I have looked through Security
> Groups, and searched Active Directory and Group Policy Management for
> rules
> that may be allowing this but I'm coming up short. Users should not be
> able
> to browse the network at all from the terminal servers. Can someone point
> out
> a GP rule that could be allowing this for these users?