• Status: Solved

prevent users logging on to terminal server

Hi, I would like to prevent users logging on to terminal server based on group membership.

So far the only thing that works for me is deny logon locally, set at each terminal server's local security policy

(altering the allow logon locally to specific groups seemed to have no effect at all).

Would like to be able to just have an "allow" group within the domain.

The allow logon to terminal servers tick box in user properties is not much use either (it works, but it is difficult to see en masse).

Any ideas?

terminal server = win2000
domain is 2003 AD
1 Solution
You can do this by allowing the RDP protocol only for the specific group.
On your TS, go to Administrative Tools, start "Terminal services configuration".
Under "Connections", double-click "RDP-TCP".
In the "Permissions" tab, note the current permissions, just in case. Add the group you want to be able to log on through terminal services. There's probably the Users group with access in there as well; remove this. Make sure the local Administrators group and System are allowed to use the protocol.
Now only members of the specific group and administrators will be able to use RDP to log on to the machine.
mhamer (Author) commented:
Cheers, worked well.
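
To check the resulting RDP-Tcp permissions across several servers rather than opening each GUI, the following is an added example (not part of the original thread). It assumes Windows Server 2008 or later, where the `Win32_TSAccount` WMI class is available, and the function name, host name, SIDs and permission values are constructed placeholders.

```powershell
# Added example: flag accounts on the RDP-Tcp listener that fall outside an allow-list.
# Assumption: input objects have the shape of WMI class Win32_TSAccount
# (TerminalName, AccountName, SID, PermissionsAllowed).

# Broad groups that should no longer hold RDP-Tcp permissions.
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

function Test-RdpListenerAcl {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [object[]] $Accounts,
        [Parameter(Mandatory)] [string[]] $AllowedSids
    )
    foreach ($a in $Accounts) {
        # Only entries that grant something on the RDP-Tcp connection matter here.
        if ($a.TerminalName -ne 'RDP-Tcp' -or $a.PermissionsAllowed -eq 0) { continue }
        $finding = 'OK'
        if ($BroadSids.ContainsKey($a.SID) -or $a.SID -like 'S-1-5-21-*-513') {
            $finding = 'BROAD-GROUP'          # -513 is the Domain Users RID
        } elseif ($AllowedSids -notcontains $a.SID) {
            $finding = 'UNEXPECTED'
        }
        [pscustomobject]@{ Account = $a.AccountName; SID = $a.SID; Finding = $finding }
    }
}

# Constructed sample data (not from a real server); the domain SID is made up.
$tsGroupSid = 'S-1-5-21-1111111111-2222222222-3333333333-1601'
$sample = @(
    [pscustomobject]@{ TerminalName='RDP-Tcp'; AccountName='BUILTIN\Administrators'; SID='S-1-5-32-544'; PermissionsAllowed=1 }
    [pscustomobject]@{ TerminalName='RDP-Tcp'; AccountName='NT AUTHORITY\SYSTEM';    SID='S-1-5-18';     PermissionsAllowed=1 }
    [pscustomobject]@{ TerminalName='RDP-Tcp'; AccountName='EXAMPLE\TS-Allowed';     SID=$tsGroupSid;    PermissionsAllowed=1 }
    [pscustomobject]@{ TerminalName='RDP-Tcp'; AccountName='BUILTIN\Users';          SID='S-1-5-32-545'; PermissionsAllowed=1 }
)

# Allow-list: local Administrators, SYSTEM, and the one domain "allow" group.
$allowed = @('S-1-5-32-544', 'S-1-5-18', $tsGroupSid)
Test-RdpListenerAcl -Accounts $sample -AllowedSids $allowed | Format-Table -AutoSize

# Live use, per terminal server (TS01 is a placeholder host name):
# $live = Get-WmiObject -ComputerName TS01 -Namespace root\cimv2\TerminalServices `
#             -Class Win32_TSAccount -Authentication PacketPrivacy
# Test-RdpListenerAcl -Accounts $live -AllowedSids $allowed
```

With the sample data, the leftover `BUILTIN\Users` entry is reported as `BROAD-GROUP` and the other three as `OK`.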
