Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

RDP sessions need to be locked down to certain users

Posted on 2014-07-23
5
Medium Priority
?
145 Views
Last Modified: 2014-08-02
So I inherited a terminal server and thought it was locked down. I saw the policy and it was only showing the groups that I want security filtering applied to. The issue is that it only applies to them and no one else. I want to block all other access to that terminal server unless you part of those groups. How do I block everyone else?
0
Comment
Question by:lgalan01
  • 4
5 Comments
 

Author Comment

by:lgalan01
ID: 40215001
I have added the groups to the local group "Remote Desktop Users" but still users who aren't in those groups can connect to the server. They also are able to access the server without any of the GPO restrictions. I hope that clarifies it more for you guys.
0
 
LVL 5

Expert Comment

by:Sean Jackson
ID: 40215016
I believe you can set this as a Group Policy in Active Directory.  Your Domain Admins likely have access.  Check those.
0
 

Author Comment

by:lgalan01
ID: 40215253
So far I have add authenticated users to the "security filtering" and now Administrator has all GPO restrictions when they log into the server. I need to know how do I block everyone except helpdesk, administrator and two security groups.
0
 

Accepted Solution

by:
lgalan01 earned 0 total points
ID: 40224844
Found the answer here:
http://www.it-book.co.uk/766/create-a-%E2%80%9Clockdown%E2%80%9D-gpo-for-a-terminal-or-citrix-server-3

Section:
Optional � I also like to set a “deny” permission to make sure that this GPO doesn’t apply to administrators (i.e. so you have full access to the server).
0
 

Author Closing Comment

by:lgalan01
ID: 40235958
It allowed my to assign a group to that the GPO doesn't apply to.
0

Featured Post

[Webinar] Cloud and Mobile-First Strategy

Maybe you’ve fully adopted the cloud since the beginning. Or maybe you started with on-prem resources but are pursuing a “cloud and mobile first” strategy. Getting to that end state has its challenges. Discover how to build out a 100% cloud and mobile IT strategy in this webinar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

876 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question