Re: Deny Right to Local Admin Group to Log On Via Terminal Services?

---

• From: "NW" <interest@xxxxxxxxxx>
• Date: Fri, 25 May 2007 09:29:17 -0400

---

Thanks!


"Roger Abell [MVP]" <mvpNoSpam@xxxxxxx> wrote in message
news:O%23tsDXonHHA.3544@xxxxxxxxxxxxxxxxxxxxxxx

No harm, other than loss of the avenue for remote mgmt.
You could just remove the grant to Administrators, either on the
RDP connectoid or the user right, rather than using a deny in either
(or both) places.

"NW" <interest@xxxxxxxxxx> wrote in message
news:%23fagpCinHHA.3952@xxxxxxxxxxxxxxxxxxxxxxx

Any harm in denying log on via TS to the local Administrator Group?

Since our domain's TS is available from outside networks I thought this
may provide some security benefit.

Thanks.

.

---

• References:
  • Deny Right to Local Admin Group to Log On Via Terminal Services?
    • From: NW
  • Re: Deny Right to Local Admin Group to Log On Via Terminal Services?
    • From: Roger Abell [MVP]

• Prev by Date: LimitLogon utility
• Next by Date: Re: LimitLogon utility
• Previous by thread: Re: Deny Right to Local Admin Group to Log On Via Terminal Services?
• Next by thread: Trouble Following KB Article 325349
• Index(es):
  • Date
  • Thread

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.windows.server.security  > 2007-05