Lock Down RDP via GPO

[circulent]

Is there a way to disable Remote Desktop by a specific AD group through Group Policies? If so, how?

Thanks a lot!

 

[Dublin73]

Policies aren't required, simple permissions should do the trick!

Start\Programs\Administrative Tools\Terminal Services Configuration

Highlight "Connections"

Right-Click on RDP-Tcp and select "Properties". Now click the "Permissions" tab. Apply your permissions as required.

If this is Windows 2003 we're talking about, I believe only "User Access" needs to be ticked for the relevant group.

Think of this as the doorway into your server.

good luck with it.

 

[Dublin73]

To add to my post. I thought you were asking about RDP as opposed to controlling a server through Remote Desktop, oops!

OK, to answer your question, yes, this can be done through a GPO. For Windows server 2003, edit the GPO and go to...

Computer Configuration\Windows Settings\Security Settings\Restricted Groups

Right-click and select "Add Group..." and type in..

Remote Desktop Users

A new screen now pops up. Click Add, and then browse to the global group that you want to make a member of the Remote Desktop Users group.

Any member of this global group will now have the ability to remote desktop into your servers.

hope that's answered your question

 

[circulent]

Cool. Thanks so much.

ML