• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 349
  • Last Modified:

Keeping Users from Remoting into a Server

We have a server 2008 file-server to house users documents.  Today as I was checking the server I noticed a user was logged in.  I checked their account and they do not have remote desktop priveledges.  We also have a Citrix Xen App server that this user has access to as well.  They can get a Xen App desktop.  Is this what is allowing this user to remote into the file server?
What can I do to make domain users not able to log into a server?
0
maximus7569
Asked:
maximus7569
2 Solutions
 
fireline1082Commented:
You can do it from group policy.
From Ad users and computers, move  the server object to a dedicated OU let's say File Servers OU.
Then create new GPO and link it to File servers OU.

In the GPO, go to security> user right assignment ; then setup allow login locally right with the only accounts that will have access to this server like domain admins..etc
0
 
maximus7569Author Commented:
Ok I will try that and let you know.
0
 
Spike99On-Site IT TechnicianCommented:
I would also look at the local Remote Desktop Users group on the terminal server itself.  By default, I believe only Admins will have remote access to a terminal server: all other users or groups have to added manually to that local Remote Desktop Users group to gain access.  By default, the RD Users group is empty.

If either the Domain Users group or the Authenticated Users groups is in that local RD Users group, that would explain how the user was able to log on.

I hope this helps,

Alicia
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now