I'm trying to lock down my Windows Server 2012 R2 RDS server to a security group. Previously, only members of this security group have been able to log in to the server. However, something has changed and now all users can log on.
We locked this down in the past by adding the security group to System Properties -> Remote Tab as below:
I've double checked local users and groups to see if this has applied to the remote desktop users local group:
Finally, I checked secpol to ensure that there were no unexpected groups in Allow log on through Remote Desktop Services:
I also checked the collection properties to ensure this was locked down correctly:
Is there anywhere else I'm missing? The most confusing part is that this was all working correctly about a week a go - something must have changed to bypass this and allow all users to log on, but I'm not sure what it could be.
I'd really appreciate any help