Solved

RDP sessions need to be locked down to certain users

Posted on 2014-07-23
5
132 Views
Last Modified: 2014-08-02
So I inherited a terminal server and thought it was locked down. I saw the policy and it was only showing the groups that I want security filtering applied to. The issue is that it only applies to them and no one else. I want to block all other access to that terminal server unless you part of those groups. How do I block everyone else?
0
Comment
Question by:lgalan01
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
5 Comments
 

Author Comment

by:lgalan01
ID: 40215001
I have added the groups to the local group "Remote Desktop Users" but still users who aren't in those groups can connect to the server. They also are able to access the server without any of the GPO restrictions. I hope that clarifies it more for you guys.
0
 
LVL 5

Expert Comment

by:Sean Jackson
ID: 40215016
I believe you can set this as a Group Policy in Active Directory.  Your Domain Admins likely have access.  Check those.
0
 

Author Comment

by:lgalan01
ID: 40215253
So far I have add authenticated users to the "security filtering" and now Administrator has all GPO restrictions when they log into the server. I need to know how do I block everyone except helpdesk, administrator and two security groups.
0
 

Accepted Solution

by:
lgalan01 earned 0 total points
ID: 40224844
Found the answer here:
http://www.it-book.co.uk/766/create-a-%E2%80%9Clockdown%E2%80%9D-gpo-for-a-terminal-or-citrix-server-3

Section:
Optional � I also like to set a “deny” permission to make sure that this GPO doesn’t apply to administrators (i.e. so you have full access to the server).
0
 

Author Closing Comment

by:lgalan01
ID: 40235958
It allowed my to assign a group to that the GPO doesn't apply to.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question