Solved

Disable Remote Logon for Local administrator with group policy

Posted on 2013-06-25
5
1,565 Views
Last Modified: 2013-06-26
I'm trying to disable remote logon for just the local administrator account on every workstation thats on our domain.  I would like to use group policy to do so.  IS there a way to accomplish this?

Thanks,
0
Comment
Question by:IslandIT
  • 3
5 Comments
 
LVL 78

Expert Comment

by:David Johnson, CD, MVP
ID: 39277358
remove the administrator local account from the remote desktop users local group
0
 

Author Comment

by:IslandIT
ID: 39277844
can you do that through group policy?  When I try and add administrator it asks for the local administrator of the DC.
0
 
LVL 27

Accepted Solution

by:
Steve earned 500 total points
ID: 39278269
when adding local users to GPO you have to avoid using AD to select the user so it forces the local account to be used.

Just type 'administrator' directly in the box instead of using the browse/AD search box
0
 
LVL 78

Expert Comment

by:David Johnson, CD, MVP
ID: 39278332
Start | Run | Gpedit.msc if editing the local policy or chose the appropriate policy and edit it.

2. Computer Configuration | Windows Settings | Security Settings | Local Policies | User Rights Assignment.
3. Find and double click "Deny logon through Remote Desktop Services"
4. Add the user and / or the group that you would like to dny access.
5. Click ok.
6. Either run gpupdate /force /target:computer or wait for the next policy refresh for this setting to take effect.

http://support.microsoft.com/kb/2258492
0
 
LVL 78

Expert Comment

by:David Johnson, CD, MVP
ID: 39278394
Group PolicyAfter Policy
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

If you get continual lockouts after changing your Active Directory password, there are several possible reasons.  Two of the most common are using other devices to access your email and stored passwords in the credential manager of windows.
Find out what Office 365 Transport Rules are, how they work and their limitations managing Office 365 signatures.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now