NC does not give you granular control where you can restrict a user to an application and then to a specific object. NC provides open network access.

You should be using the Core access and providing RDP through the Web browser.

Hello..Thanks for your reply.

Can you help me with any tech notes or documents which which can assist me configure the same thru core access ?

Would be of great help ..

well you can control where the user is sent and on what port using the Access control policy for your Network connect profile but that is an over kill. So you can say this connection profile rdpserver:3389 this will only give this user access to the rdp server and on port 3389 that is the windows rdp port every where else the user will get access denied but Why let some one do a full tunnel but than limit them to just RDP when you can do that easily by what Kevin suggested above.

Thanks and truly appreciate your efforts in guding me on this.

I didn't read the whole thread, but in answer to your question, if you're using VIsta/Win7, they both use a ?more secure? version of RDP where your credentials are hashed and sent to the server prior to the desktop opening. Windows XP (and prior) open the desktop to present the logon gui, which is how the SSLVPN does it.

So if you need the additional security (for example: to make Snort stop complaining), then you'll want to use NC with restricted policies and use the Windows Vista/7 RDP client.

just my $0.02