Restrict Remote Desktop access to specific users to specific servers in a domain environment?

Restricted remote-desktop connection in domain enviroment for domain-user

Solution

To deny a user or a group logon via RDP, explicitly set the "Deny logon through Remote Desktop Services" privilege.

To do this access a group policy editor (either local to the server or from a OU) and set this privilege:

Start | Run | Gpedit.msc if editing the local policy or chose the appropriate policy and edit it.

Computer Configuration | Windows Settings | Security Settings | Local Policies | User Rights Assignment.

Find and double click "Deny logon through Remote Desktop Services"

Add the user and / or the group that you would like to dny access.

Click Ok.

Either run gpupdate /force /target:computer or wait for the next policy refresh for this setting to take effect.

Source

Restrict Remote Desktop access to specific users to specific servers in a domain environment?

Solution

Tags:

Windows

Remote Desktop

Domain

Related

Recent Posts