Re: Disable "Allow logon to terminal server"

• Previous message: Steven L Umbach: "Re: adding users to shares with scripting"
• In reply to: Steven L Umbach: "Re: Disable "Allow logon to terminal server""
• Next in thread: Steven L Umbach: "Re: Disable "Allow logon to terminal server""
• Reply: Steven L Umbach: "Re: Disable "Allow logon to terminal server""
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 20 Oct 2004 07:27:04 -0700

Steve,

Thanks for the response. Let me add a little more background which should
further explain my issue. I need to disable the permission, "Allow logon to
terminal server," for over 2000 administrative service accounts located on
800 servers and due to some archaic applications I can not always remove the
security permission, "logon locally". Manually disabling this property per
account is not an option I can realistically implement.

Also, the member server and domain are all Windows 2000 so I do not have the
TS luxuries provided by Windows 2003 GPOs.

My gut instinct is that there is likely a way to set this account property
via a script but I’ve exhausted several searching trying to find it. Any
additional thoughts would be appreciated…

Thanks for the response. Let me add a little additional background which
should further explain my issue. I need to disable the permission, "Allow
logon to terminal server," for over 2000 accounts located on 700 servers but
in some instance I can not remove the security permission, "logon locally".

"Steven L Umbach" wrote:

> You could remote in via TS to manage those accounts or use security policy
> to manage the user right for "logon locally" which a user will need to
> access a TS in W2K. In Windows 2003 that has been changed to a separate user
> right called "allow logon through Terminal Services". That can be configured
> through Local Security Policy or you can put the computer in an
> Organizational Unit with it's own GPO with the logon locally configured to
> your needs. User rights are accessible through computer
> configuration/Windows settings/security settings/local policies/user rights.
> That will not directly configure the user's local account but they can not
> logon without the logon locally user right. -- Steve
>
>
> "Jason Cook" <JasonCook@discussions.microsoft.com> wrote in message
> news:1518C02B-BBCA-4C9C-B5AE-1E35C9B4FA99@microsoft.com...
> > Is there a way to remotely manage (script, GPO, etc) the local account
> > property, "Allow logon to terminal server" for local accounts on Windows
> > 2000
> > servers? The domain is also Windows 2000.
>
>
>

• Previous message: Steven L Umbach: "Re: adding users to shares with scripting"
• In reply to: Steven L Umbach: "Re: Disable "Allow logon to terminal server""
• Next in thread: Steven L Umbach: "Re: Disable "Allow logon to terminal server""
• Reply: Steven L Umbach: "Re: Disable "Allow logon to terminal server""
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]