troubleshooting Question

How to prevent certain domain accounts from RDP to terminal server

Avatar of zephyr_hex (Megan)
zephyr_hex (Megan)Flag for United States of America asked on
Windows Server 2003Active DirectoryMicrosoft Server OS
7 Comments1 Solution844 ViewsLast Modified:
win 2k DC
win 2003 server running terminal services

for certain domain users, i want to prevent RDP to the server running terminal services, but not prevent RDP to their desktop computers.

under computer management, there is a Group called Remote Desktop Users.  it originally had domain\users as Member, and all domain users belong to that AD group.
i created a new domain group called RDP Users, and added users that should have permission to RDP to the server.  i then removed the domain\users group from the Remote Desktop Users (local group on the server) and added the new RDP Users group.

i tested by using a domain account that is not a member of RDP Users... and i can still connect to the server.  if i edit that domain profile and select the option to not allow the account to use terminal services, i am unable to RDP to a desktop pc in the domain.  how do i configure things so that particular domain accounts are not allowed to RDP to the server, but can still RDP to their desktop pc?
Join the community to see this answer!
Join our exclusive community to see this answer & millions of others.
Unlock 1 Answer and 7 Comments.
Join the Community
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 7 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros