Solved

Keeping Users from Remoting into a Server

Posted on 2011-03-18
3
338 Views
Last Modified: 2013-11-21
We have a server 2008 file-server to house users documents.  Today as I was checking the server I noticed a user was logged in.  I checked their account and they do not have remote desktop priveledges.  We also have a Citrix Xen App server that this user has access to as well.  They can get a Xen App desktop.  Is this what is allowing this user to remote into the file server?
What can I do to make domain users not able to log into a server?
0
Comment
Question by:maximus7569
3 Comments
 
LVL 3

Accepted Solution

by:
fireline1082 earned 250 total points
Comment Utility
You can do it from group policy.
From Ad users and computers, move  the server object to a dedicated OU let's say File Servers OU.
Then create new GPO and link it to File servers OU.

In the GPO, go to security> user right assignment ; then setup allow login locally right with the only accounts that will have access to this server like domain admins..etc
0
 

Author Comment

by:maximus7569
Comment Utility
Ok I will try that and let you know.
0
 
LVL 16

Assisted Solution

by:Spike99
Spike99 earned 250 total points
Comment Utility
I would also look at the local Remote Desktop Users group on the terminal server itself.  By default, I believe only Admins will have remote access to a terminal server: all other users or groups have to added manually to that local Remote Desktop Users group to gain access.  By default, the RD Users group is empty.

If either the Domain Users group or the Authenticated Users groups is in that local RD Users group, that would explain how the user was able to log on.

I hope this helps,

Alicia
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Case Summary: In this Article we introduce the new method to configure the default user profile using Automated profile copy with sysprep rather than the old ways such as the manual copy of a configured profile to default user profile Old meth…
Problem Description: Actually I found the below issue with some customers after migration from SMS 2003 to SCCM 2007 and epically if they change site code, some clients may appear in the console with old site code, plus old sites still appearing …
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now