Announcement

Collapse
No announcement yet.

Prohibit user from using RDP

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Prohibit user from using RDP

    Hi,

    Is there a way in GPO to prevent a user from using RDP/MSTC/Remote Desktop Connection?

    Because I don't want the client computers to be able to remote connect to the servers.

    Thanks.
    Ronuel
    MCP
    There is only one way to find Out..Its to try it and/or Do it...

  • #2
    Re: Prohibit user from using RDP

    you could use uhm.. application hashing.. ? (I forget exactly what it's called) to prevent the sigatnure of particular applications from being loaded.

    Alternately, you could simply prevent the users from logging on via remote desktop.
    Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

    Comment


    • #3
      Re: Prohibit user from using RDP

      Software Restriction.

      Another possible, but somewhat clunkier way, would be to deny the users access to mstsc.exe. Or you could remove the Remote Desktop component from client workstations.

      As for remote desktop permissions... I really hope the OP didn't mean to say that the users are currently able to login to the servers...
      Gareth Howells

      BSc (Hons), MBCS, MCP, MCDST, ICCE

      Any advice is given in good faith and without warranty.

      Please give reputation points if somebody has helped you.

      "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

      "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.

      Comment


      • #4
        Re: Prohibit user from using RDP

        Hi,

        Yeah as Tehcamel stated just don't give them permissions to access servers/workstations remotely by not adding the users to the Remote Desktop Users security group.

        If you want to prevent certain users from accessing the MSTSC.exe then just create a group policy using software restriction policy/ in the event that you have a 2008 R2 domain with windows 7 clients then use Application Locker. Then apply the group policy to a security group that contains the objects that you want to restrict form accessing that particular exe.


        Regards,

        Jamie

        Comment


        • #5
          Re: Prohibit user from using RDP

          Originally posted by gforceindustries View Post
          Software Restriction.

          Another possible, but somewhat clunkier way, would be to deny the users access to mstsc.exe. Or you could remove the Remote Desktop component from client workstations.

          As for remote desktop permissions... I really hope the OP didn't mean to say that the users are currently able to login to the servers...
          software restriction is precisely what I meant .... but with hashing, you can actually get the signature of the mstsc application, and prevent it, so even if the user changes the name, it'll still rfuse to run
          Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

          Comment


          • #6
            Re: Prohibit user from using RDP

            deny logon remotely
            Tom Jones
            MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
            PhD, MSc, FIAP, MIITT
            IT Trainer / Consultant
            Ossian Ltd
            Scotland

            ** Remember to give credit where credit is due and leave reputation points where appropriate **

            Comment


            • #7
              Re: Prohibit user from using RDP

              Denying access to mstsc.exe solved it for me.. I created a GPO for it.. once again Thanks alot Guys..
              Ronuel
              MCP
              There is only one way to find Out..Its to try it and/or Do it...

              Comment


              • #8
                Re: Prohibit user from using RDP

                Denying how - with NTFS permissions on the file, or using Software Restriction?

                If you did it using NTFS permissions, I would strongly advise that you revisit this soon and implement Software Restriction instead. Additionally, I would advise that you also remove the users from the Remote Desktop Users group on the servers and workstations concerned.
                Gareth Howells

                BSc (Hons), MBCS, MCP, MCDST, ICCE

                Any advice is given in good faith and without warranty.

                Please give reputation points if somebody has helped you.

                "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

                "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.

                Comment


                • #9
                  Re: Prohibit user from using RDP

                  It is only a partial solution. As already mentioned, to try and lockdown that a bit more also consider deny "Allow logon through terminal services" user right setting via GPO.
                  Even if you use software restriction policies, it may not be very effective for other terminal services clients such as Terminals.
                  Caesar's cipher - 3

                  ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

                  SFX JNRS FC U6 MNGR

                  Comment


                  • #10
                    Re: Prohibit user from using RDP

                    I did both..Denying through software restriction and "Allow through terminal services " in one GPO.. Thanks Guys..
                    Ronuel
                    MCP
                    There is only one way to find Out..Its to try it and/or Do it...

                    Comment


                    • #11
                      Re: Prohibit user from using RDP

                      nice work buddy
                      Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

                      Comment

                      Working...
                      X