Remove "remote desktop connection" from non admins PC's

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Hi, we use RDC to connect to our servers, but we only want admins to have it.
I know only admins can log in, my I just don't want them (users) to try.

Can I block them or is there a GPO which lets me remove it?

Thanks

S
 
You can use this setting in a GPO which is linked to the OU which
contains your servers:

Computer Configuration\Administrative Templates\Windows Components
\Terminal Services
"Allow users to connect remotely using Terminal Services"

Make sure that you set the security of the GPO for Administrators to
"Deny" for the right to "Apply this policy", otherwise you lock
yourself out as well.

_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
 
Thanks, where is "Deny" for the right to "Apply this policy"?

Am I wrong in saying that if all the admins are in a different OU then this
"Deny" for the right to "Apply this policy" will not need to be set?

Thanks

S
 
No, because this GPO must be linked to the OU which contains your
Terminal Server, not to a OU that contains your user accounts. Note
that the setting is in the Computer Configuration area, not in the
User Configuration area!

You set permissions on the Security tab of the GPO.

816100 - How To Prevent Domain Group Policies from Applying to
Administrator Accounts and Selected Users in Windows Server 2003
http://support.microsoft.com/?kbid=816100

Recommended reading:

260370 - How to Apply Group Policy Objects to Terminal Services
Servers
http://support.microsoft.com/?kbid=260370

231287 - Loopback Processing of Group Policy
http://support.microsoft.com/?kbid=231287

_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
 
Back
Top