• Home
• Topics
• Microsoft Windows desktop operating systems security management
• Endpoint security management tools
• Specifying users with Remote Desktop permissions through Group Policy

Specifying users with Remote Desktop permissions through Group Policy

Requires Free Membership to View

Login



When you register, you’ll also receive targeted alerts from my team of editorial writers and independent industry experts with the latest news, tips, and advice to help you do your job more efficiently and effectively. Our goal is to keep you informed on the hottest topics and biggest challenges faced by IT professionals today working with desktop management and security technologies.

Margie Semilof, Editorial Director

• E-mail Address: 

By submitting your registration information to SearchEnterpriseDesktop.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchEnterpriseDesktop.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

You can prevent users or groups from using Remote Desktop by removing their ability to do a network logon on the machines in question. That is, you can create a GPO specifically for an OU that prevents users from connecting. To prevent users or groups from using a network connection of any type, use the "Windows Settings/Security Settings/Local Policies/User Rights Assignments/Deny access to this computer from the network" policy. Add the groups you wish to deny access to. Remember, however, that they also will not be able to access file shares (a good thing on a desktop or server that is not a file server, a bad thing for a domain controller or file server). To specifically deny remote desktop access, use the "Windows Settings/Security Settings/Local Policies/User Rights Assignments/Deny Log on through Terminal Services." Add the groups you wish to deny.

Group Policy Administrative Templates can be used to control Remote Assistance options (Remote Assistance uses the Remote Desktop). Computer Administrative Templates control solicited and offered Remote Assistance (can you do it, hours, method). The setting "Remote Assistance/Offer Remote Assistance Properties" also allows you to specify which Windows group's members are allowed to offer remote assistance without an invitation.

Dig Deeper

This was first published in November 2004

More from Related TechTarget Sites

• Virtual Desktop
• Windows Server
• Windows IT
• Exchange

• Virtual Desktop

  • Citrix integrates NxTop and XenClient, introduces Project Avalon

    Citrix is on a roll. The company flooded VDI shops with news of updated offerings and detailed the future of acquired competitor Virtual Computer.

  • Dell and HP churn out VDI hardware as thin client war heats up

    Hewlett-Packard and Dell have their eyes on the virtual desktop market, and both introduced new client technologies that hinge on VDI at Citrix Synergy 2012.

  • How to stagger your VDI project rollout: Start with a VDI POC

    Slow and steady wins the race. After analyzing a VDI POC, stagger your VDI project rollout so resources aren't overwhelmed and users can get used to the new technology.

• Windows Server

  • Test your System Center 2012 knowledge

    What's new in System Center 2012? See how much you know about a wide variety of topics in System Center.

  • Microsoft patches 23 security vulnerabilities, three critical bulletins

    Microsoft addressed 23 vulnerabilities as part of its May Patch Tuesday update, addressing flaws in Windows and Office.

  • How to create custom driver databases with Windows Deployment Services

    Plug and Play isn't just for USB devices. Here's how to put it to work in your installation environment.

• Windows IT

  • Understanding management gets your IT department what it needs

    Crafting the perfect pitch can be difficult in a budget-conscious workplace. Knowing how management will react to proposals can help.

  • What's in a name? Azure branding confusion and the meaning of 'badware'

    Find out why Microsoft had some questioning its mental health and what mosquitos have to do with the ongoing malware fight.

  • Active Directory domain joins and Microsoft certifications: less important than you think

    In this new feature, we examine Windows quotes and tell the stories behind the sound bites. First up: Why you need to rethink Active Directory domain joins.

• Exchange

  • How Microsoft’s new certification program affects Exchange admins

    Microsoft recently updated its certification program, but what does that mean for Exchange admins? Long-time expert and MVP Tony Redmond chimes in.

  • How to manually uninstall Exchange Server 2010

    Severe damage to Exchange Server 2010 may require you to uninstall the program. Follow these tips to prevent harm to Active Directory.

  • How to fix three nagging iPhone problems in Exchange 2007

    If your iPhone users are having trouble accessing Exchange 2007 email and calendaring, you can sidestep the problems before they happen.

• About us
• Contact us
• Site index
• Privacy policy
• Advertisers
• Business partners
• Events
• Media kit
• TechTarget corporate site
• Reprints
• Site map