Re: Terminal Services Setup/Flaw
- From: moncho <moncho@xxxxxxxxxxxxxxxxx>
- Date: Mon, 12 Nov 2007 15:38:01 GMT
RemyMaza wrote:
Yes, it's any authenticated user which would lead me to believe it's allowed through a group policy. What would I modify in that group policy to inhibit this type of login?
In order to RDP into any server, the user or group must be in either
the local server Remote Desktop Users Group or System-> Remote-> Allowed Users, depending up on whether the server is in Application or Administration mode.
Remote Authenticated Users from those groups on the local servers that
you DO NOT want users to RDP into.
moncho
.
Many Thanks,
Matt
"moncho" wrote:
RemyMaza wrote:I'm a new hire to a company and I've never used TS before. I was given my domain admin priviledges and went to work last week. I was probing and testing the network for any flaws and I found a big one I'd like to fix. I am able to .rdp into the terminal server and from there I'm able to use .rdp into any other server in the network. The problem lies not with my login but with a normal user's login, I'm able to do this. What can I do to prevent normal user's from logging into any machine they want?What is a "normal" user?
Server '03 SP2
Do you mean any user in the "Users" or "Authenticated Users" group?
I would start there.
I would check to see if there are any group policies setup to allow
this type of access.
If a "normal" users can RDP in a DC, that is a big issue.
If your own login can RDP to any server, that seems OK since
you are the Domain Admin. If that fits your companies security
policies.
moncho
- Follow-Ups:
- Re: Terminal Services Setup/Flaw
- From: RemyMaza
- Re: Terminal Services Setup/Flaw
- References:
- Re: Terminal Services Setup/Flaw
- From: moncho
- Re: Terminal Services Setup/Flaw
- Prev by Date: Re: Cannot RDP into 2003 Server DC
- Next by Date: Re: Cannot RDP into 2003 Server DC
- Previous by thread: Re: Terminal Services Setup/Flaw
- Next by thread: Re: Terminal Services Setup/Flaw
- Index(es):
Relevant Pages
|
