No announcement yet.

RDP Security

  • Filter
  • Time
  • Show
Clear All
new posts

  • RDP Security

    Hi All, stick with me here.

    Im looking at locking down my site to please the auditors!

    Basically i have round 30 servers. first issue.

    I have 3rd party companys who RDP on certain servers for upgrades etc. through the AD user account i allowed them only access to a few servers. On the servers i allowed i had to add the user to the local remote user account group on the server. This is a big task 1 supplier needs access to 8 boxes. ALSO this then stops them from accessing the citrix interface as they dont access to the Citrix boxes. They do need the interface though!

    Secondly. I want to be able to stop all internal users RDP (including our helpdesk). Im assuming i can do this as a blanket GPO. Im looking at denying users log on through terminal services but am i right in assuming this will stop them using Citrix?

    The main aim is to lock the site down and keep it as easy to admin as possible. Does anyone have any advice on this?
    Last edited by MartinaGreenhill; 2nd November 2010, 12:50.

  • #2
    Re: RDP Security


    1. Create a group and make that group a member of Remote Desktop users. Then perform adding/removing user on group.

    2. This can be done using computer configuration part of group policy
    Computer Configuration, >Administrative Templates, >Windows Components, >Terminal Services.
    Allow users to connect remotely using Terminal Services policy.
    Set the policy to disabled, and then click OK.

    But how it works with citrix you better test in CT env i am not sure abt that part
    Thanks & Regards

    MCTS 2008, MCTIP, MCSE 2003, MCSA+Messaging E2K3, MCP, E2K7
    Sr. Wintel Eng. (Investment Bank)
    Independent IT Consultant and Architect

    Show your appreciation for my help by giving reputation points