ellitech
asked on
Seeing Users Added into 'Select Remote Users' without having been added manually
Hi,
I was trying to connect to our domain controller running W2K8 R2, I was unable to access it using an RDP console, it was ping-able on the network.
We connected into it on a console and thought that perhaps we needed to toggle the 'allow remote connections...', we immediately noticed that there were many users that had somehow been added in as being allowed remote access.
Any ideas as to how these users were somehow added into this and being granted remote access?
I was under the impression that they needed to be added in manually, is it possible that they somehow were added in automatically as part of a security group that has been granted remote access to this DC?
Any help on this would be greatly appreciated as I have never come across this before.
I dug in a little further and I am seeing this...
The users are all listed in a security group called "Remote Desktop Users" which is a "Security Group - Domain Local" domain local security group.
How is this group adding itself in like that? I thought that you had to manually add users in the "Select Remote Users" box under the 'Remote' tab in 'System Properties'.
Will rebooting the server remove them?
How can we prevent this from happening again?
Thank-you for taking the time to respond to this post, it is greatly appreciated.
ElliTech
I was trying to connect to our domain controller running W2K8 R2, I was unable to access it using an RDP console, it was ping-able on the network.
We connected into it on a console and thought that perhaps we needed to toggle the 'allow remote connections...', we immediately noticed that there were many users that had somehow been added in as being allowed remote access.
Any ideas as to how these users were somehow added into this and being granted remote access?
I was under the impression that they needed to be added in manually, is it possible that they somehow were added in automatically as part of a security group that has been granted remote access to this DC?
Any help on this would be greatly appreciated as I have never come across this before.
I dug in a little further and I am seeing this...
The users are all listed in a security group called "Remote Desktop Users" which is a "Security Group - Domain Local" domain local security group.
How is this group adding itself in like that? I thought that you had to manually add users in the "Select Remote Users" box under the 'Remote' tab in 'System Properties'.
Will rebooting the server remove them?
How can we prevent this from happening again?
Thank-you for taking the time to respond to this post, it is greatly appreciated.
ElliTech
BillBondo
From what you describe it sounds like its correct. They are part of a group allowed RDP. Remove the users from the group if you like.
ASKER
This security group was set up to allow users to connect to our citrix server using an RDP connection. These names have only just now shown up as having being allowed access to this specific server.
How is it that the users are showing up here in the first place?
ElliTech
How is it that the users are showing up here in the first place?
ElliTech
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I do not believe that these users should be listed in the "Select Remote Users" box under the 'Remote' tab in 'System Properties'. The Remote Desktop Users group have access by default!!
All other users need to be manually added in here!!
They were not there before, but they are now all of a sudden.
Could someone else please explain to me why we are seeing these users listed there now?
ElliTech
All other users need to be manually added in here!!
They were not there before, but they are now all of a sudden.
Could someone else please explain to me why we are seeing these users listed there now?
ElliTech
Is there any group policy defined ?
Run start>Run >rsop
Computer Configuration\Windows Settings\Security Settings\Restricted Groups\
See if if any groups are mentioned - related to Remote Desktop Users
--
If you wish to restrict only certain users can access remote desktop, you can create a group policy
Goto : Computer Configuration\Windows Settings\Security Settings\Restricted Groups\
Add a group that contains users who can perform remote desktop
Later, users membership can be managed though group for this purpose
Run start>Run >rsop
Computer Configuration\Windows Settings\Security Settings\Restricted Groups\
See if if any groups are mentioned - related to Remote Desktop Users
--
If you wish to restrict only certain users can access remote desktop, you can create a group policy
Goto : Computer Configuration\Windows Settings\Security Settings\Restricted Groups\
Add a group that contains users who can perform remote desktop
Later, users membership can be managed though group for this purpose
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.