Click here to get back home

Deny Right to Local Admin Group to Log On Via Terminal Services?
 HomeNewsGroups | Search | About
Login Password
Register Now! Lost Password?
 microsoft.public.windows.server.security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content
Subject Author Date
Deny Right to Local Admin Group to Log On Via Terminal Services? NW 05-24-2007
Get Chitika Premium
Posted by NW on May 24, 2007, 12:28 pm
Please log in for more thread options
 Any harm in denying log on via TS to the local Administrator Group?

Since our domain's TS is available from outside networks I thought this may
provide some security benefit.

Thanks.



Posted by Roger Abell [MVP] on May 25, 2007, 12:32 am
Please log in for more thread options
 No harm, other than loss of the avenue for remote mgmt.
You could just remove the grant to Administrators, either on the
RDP connectoid or the user right, rather than using a deny in either
(or both) places.

> Any harm in denying log on via TS to the local Administrator Group?
>
> Since our domain's TS is available from outside networks I thought this
> may provide some security benefit.
>
> Thanks.
>



Posted by NW on May 25, 2007, 9:29 am
Please log in for more thread options
Thanks!


> No harm, other than loss of the avenue for remote mgmt.
> You could just remove the grant to Administrators, either on the
> RDP connectoid or the user right, rather than using a deny in either
> (or both) places.
>
>> Any harm in denying log on via TS to the local Administrator Group?
>>
>> Since our domain's TS is available from outside networks I thought this
>> may provide some security benefit.
>>
>> Thanks.
>>
>
>



Similar ThreadsPosted
Deny Logon through Terminal Services Issue August 22, 2006, 12:49 pm
Terminal services-give a program admin rights January 10, 2006, 4:14 pm
local admin group change, how? November 2, 2005, 10:53 am
Security bug in terminal services? May 4, 2006, 4:02 am
Logon Using Terminal Services GPO August 16, 2007, 2:57 am
Terminal Services Profiles problems August 15, 2005, 5:08 pm
How do I configure Terminal Services for 443 access only February 12, 2006, 10:37 am
Digital signature, USB tokens and terminal services September 25, 2006, 9:16 am
Adding another domain users to your local domain admin group December 28, 2005, 12:19 pm
Prevent browsing with UNC paths for Terminal Services users April 5, 2006, 2:05 pm

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML SitemapXML Sitemap