Re: Controlling access to MSTSC.exe

Hi,

Yes we are restricting access to the servers by groups with a domain
level policy (i.e. who can connect via remote desktop to the servers).
However, and this is where the "twist" emerges... We have a group of
consultants working at our company who routinely connect to servers which are
physically located at their premise and are not administered by us. We've
been tasked to perform the role of "policemen", to prevent the MSTSC from
launching on the desktop (which is under our administration) to servers
which are not under our administration. I know what you're thinking, I
thought the same thing too.

Michael


"Pegasus (MVP)" wrote:

>
> "Michael Hum" <MichaelHum@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:0C7BD084-94B4-4281-B84A-2F0502302844@xxxxxxxxxxxxxxxx
> > Hi,
> > i'm running a Windows 2003 enivronment with XP SP1 desktops. I'm
> > searching for a group policy object to control access to the "remote
> desktop
> > client (mstsc.exe) on the XP workstations. Meaning, allow a specific
> domain
> > group the ability to launch "remote desktop client". I've tried the "dont
> > run specified Windows applications" in User Configuration\Administrative
> > Templates\System which works nicely to restricts the mstsc.exe from
> > "running". However, it does not allow restriction by groups. Does anyone
> > know of a custom ADM with the restrict application by group option? Or is
> > there a better method to control users from launching the mstsc.exe file.
> >
> > Help!
> >
> > Thanks,
> >
> > Michael
>
> Instead of preventing users from running mstsc.exe, you could
> set a domain policy on the server itself that allows only suitably
> authorised users to logon under RDP. It's one of the many
> domain policies available to you.
>
>
>
.

Relevant Pages

  • Re: Account Lockout threshold
    ... All are window 2000 advanced servers with Service pack 3, ... Domain Contoller Security Policy - Account lockout threshold ...
    (microsoft.public.security)
  • Re: Security templates and IUSR account log on locally
    ... the Enterprise security template for Member Servers breaks IIS6 anon ... the guideline is to apply the member servers baseline policy and then the ... web servers policy. ... You may also want to revisit the download for the W2k3 Security Guide as ...
    (microsoft.public.inetserver.iis.security)
  • Re: Preventing users from c onnecting to shares NOT on the domain..
    ... First condition would be to set "Require Security" policy to "Restricted ... These computers could be excluded by IP address, ... > The servers might be located on the same subnet of some of the clients. ...
    (microsoft.public.win2000.networking)
  • Re: Preventing users from c onnecting to shares NOT on the domain..
    ... First condition would be to set "Require Security" policy to "Restricted ... These computers could be excluded by IP address, ... > The servers might be located on the same subnet of some of the clients. ...
    (microsoft.public.win2000.security)
  • Re: Default Domain Controllers Policy
    ... I was only looking to change the Local Security Policy on servers that have ... appling to the Computers is if the Computer OU was inside the Default ... Why are you trying to change Local Settings? ...
    (microsoft.public.win2000.group_policy)
Loading