I was trying to connect to our domain controller running W2K8 R2, I was unable to access it using an RDP console, it was ping-able on the network.
We connected into it on a console and thought that perhaps we needed to toggle the 'allow remote connections...', we immediately noticed that there were many users that had somehow been added in as being allowed remote access.
Any ideas as to how these users were somehow added into this and being granted remote access?
I was under the impression that they needed to be added in manually, is it possible that they somehow were added in automatically as part of a security group that has been granted remote access to this DC?
Any help on this would be greatly appreciated as I have never come across this before.
I dug in a little further and I am seeing this...
The users are all listed in a security group called "Remote Desktop Users" which is a "Security Group - Domain Local" domain local security group.
How is this group adding itself in like that? I thought that you had to manually add users in the "Select Remote Users" box under the 'Remote' tab in 'System Properties'.
Will rebooting the server remove them?
How can we prevent this from happening again?
Thank-you for taking the time to respond to this post, it is greatly appreciated.