• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2168
  • Last Modified:

Disable Remote Logon for Local administrator with group policy

I'm trying to disable remote logon for just the local administrator account on every workstation thats on our domain.  I would like to use group policy to do so.  IS there a way to accomplish this?

  • 3
1 Solution
David Johnson, CD, MVPOwnerCommented:
remove the administrator local account from the remote desktop users local group
IslandITAuthor Commented:
can you do that through group policy?  When I try and add administrator it asks for the local administrator of the DC.
when adding local users to GPO you have to avoid using AD to select the user so it forces the local account to be used.

Just type 'administrator' directly in the box instead of using the browse/AD search box
David Johnson, CD, MVPOwnerCommented:
Start | Run | Gpedit.msc if editing the local policy or chose the appropriate policy and edit it.

2. Computer Configuration | Windows Settings | Security Settings | Local Policies | User Rights Assignment.
3. Find and double click "Deny logon through Remote Desktop Services"
4. Add the user and / or the group that you would like to dny access.
5. Click ok.
6. Either run gpupdate /force /target:computer or wait for the next policy refresh for this setting to take effect.

David Johnson, CD, MVPOwnerCommented:
Group PolicyAfter Policy
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now