Re: Group Policy for non-Administrator Remote Desktop

From: Mark Renoden [MSFT] (markreno_at_online.microsoft.com)
Date: 11/02/04 

Date: Tue, 2 Nov 2004 13:39:54 +1100

Ah yes ... good catch. Went looking for an adm based setting :)

Cheers 

-- 
Mark Renoden [MSFT]
Windows Platform Support Team
Email: markreno@online.microsoft.com
Please note you'll need to strip ".online" from my email address to email 
me; I'll post a response back to the group.
This posting is provided "AS IS" with no warranties, and confers no rights.
"Glenn L" <the.only@gmail.com> wrote in message 
news:eBi86EIwEHA.1564@TK2MSFTNGP09.phx.gbl...
> You can configure the "allow logon through terminal services" user right 
> in
> a GPO to the OU that contains the XP workstations.
> This right has the local administrators and remote desktop users groups by
> default.
>
> You can also use the restricted groups feature in GPOs to control the
> membership of the local administrators and remote desktop users group.
>
> So, in your case, you can simply add the domain\group to the "allow logon
> through terminal services" user right in a GPO that will apply to the XP
> workstations.
>
> Make sure you do not apply the GPO to the domain, as this will also apply 
> to
> the domain controllers.
>
> -- 
> Glenn L
> CCNA, MCSE 2000, MCSE 2003 + Security
>
>
> "Mark Renoden [MSFT]" <markreno@online.microsoft.com> wrote in message
> news:eeSNzvGwEHA.4048@TK2MSFTNGP15.phx.gbl...
>> Hi
>>
>> I'm reasonably sure there isn't.
>>
>> Kind regards
>> -- 
>> Mark Renoden [MSFT]
>> Windows Platform Support Team
>> Email: markreno@online.microsoft.com
>>
>> Please note you'll need to strip ".online" from my email address to email
>> me; I'll post a response back to the group.
>>
>> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>>
>> "Richard Roati" <RichardRoati@discussions.microsoft.com> wrote in message
>> news:E44DF3EA-5D5C-4013-B5D8-A748502EAFB0@microsoft.com...
>> > Hello,
>> > Is there a way to configure group policy to allow a specific group of
>> > non-domain Administrators to be able to remote into XP clients?  Thx 
>> > for
>> > your
>> > help.
>>
>>
>
>

Relevant Pages

  • Re: Groups and OUs
    ... Mark Renoden [MSFT] ... Windows Platform Support Team ... > If I put a securety group into a OU and link a GPO on this OU, ...
    (microsoft.public.windows.group_policy)
  • Re: Termserv loses security settings each night
    ... Are you using the Group Policy Management Console? ... I would run the GPO tools there, like Resultant set of Policies, to ... > tsusers and remote desktop users into a doamin-wide GPO earlier. ... >, I went into Terminal Services ...
    (microsoft.public.win2000.termserv.apps)
  • Locked out of Server 2003!! Help!!!!
    ... Server 2003 at the backend. ... tried to apply to the Domain Controllers. ... Where the GPO has successfully ... it tells me that the user must be a member of the "Remote Desktop Users" ...
    (microsoft.public.windows.terminal_services)
  • Re: Group Policy for non-Administrator Remote Desktop
    ... > This right has the local administrators and remote desktop users groups by ... > membership of the local administrators and remote desktop users group. ... > through terminal services" user right in a GPO that will apply to the XP ...
    (microsoft.public.windows.server.active_directory)
  • Re: GPO for TS from SBS
    ... I followed your article and incorporated your instructions (except for raoming profiles as we don't have any). ... I set the security on the GPO to Apply for Remote Desktop Users and Deny for Domain Aministrators. ... And the Windows Security icon in the Start menu is still there so I am pretty sure changes aren't being applied. ...
    (microsoft.public.windows.terminal_services)