?
Solved

Disable Remote Logon for Local administrator with group policy

Posted on 2013-06-25
5
Medium Priority
?
1,900 Views
Last Modified: 2013-06-26
I'm trying to disable remote logon for just the local administrator account on every workstation thats on our domain.  I would like to use group policy to do so.  IS there a way to accomplish this?

Thanks,
0
Comment
Question by:IslandIT
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
5 Comments
 
LVL 82

Expert Comment

by:David Johnson, CD, MVP
ID: 39277358
remove the administrator local account from the remote desktop users local group
0
 

Author Comment

by:IslandIT
ID: 39277844
can you do that through group policy?  When I try and add administrator it asks for the local administrator of the DC.
0
 
LVL 27

Accepted Solution

by:
Steve earned 2000 total points
ID: 39278269
when adding local users to GPO you have to avoid using AD to select the user so it forces the local account to be used.

Just type 'administrator' directly in the box instead of using the browse/AD search box
0
 
LVL 82

Expert Comment

by:David Johnson, CD, MVP
ID: 39278332
Start | Run | Gpedit.msc if editing the local policy or chose the appropriate policy and edit it.

2. Computer Configuration | Windows Settings | Security Settings | Local Policies | User Rights Assignment.
3. Find and double click "Deny logon through Remote Desktop Services"
4. Add the user and / or the group that you would like to dny access.
5. Click ok.
6. Either run gpupdate /force /target:computer or wait for the next policy refresh for this setting to take effect.

http://support.microsoft.com/kb/2258492
0
 
LVL 82

Expert Comment

by:David Johnson, CD, MVP
ID: 39278394
Group PolicyAfter Policy
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.
In this blog we highlight approaches to managed security as a service.  We also look into ConnectWise’s value in aiding MSPs’ security management and indicate why critical alerting is a necessary integration.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question