• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 351
  • Last Modified:

Keeping Users from Remoting into a Server

We have a server 2008 file-server to house users documents.  Today as I was checking the server I noticed a user was logged in.  I checked their account and they do not have remote desktop priveledges.  We also have a Citrix Xen App server that this user has access to as well.  They can get a Xen App desktop.  Is this what is allowing this user to remote into the file server?
What can I do to make domain users not able to log into a server?
2 Solutions
You can do it from group policy.
From Ad users and computers, move  the server object to a dedicated OU let's say File Servers OU.
Then create new GPO and link it to File servers OU.

In the GPO, go to security> user right assignment ; then setup allow login locally right with the only accounts that will have access to this server like domain admins..etc
maximus7569Author Commented:
Ok I will try that and let you know.
Spike99On-Site IT TechnicianCommented:
I would also look at the local Remote Desktop Users group on the terminal server itself.  By default, I believe only Admins will have remote access to a terminal server: all other users or groups have to added manually to that local Remote Desktop Users group to gain access.  By default, the RD Users group is empty.

If either the Domain Users group or the Authenticated Users groups is in that local RD Users group, that would explain how the user was able to log on.

I hope this helps,

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now