Logon Using Terminal Services GPO
- From: Mathew V <mvlandys@xxxxxxxxx>
- Date: Wed, 15 Aug 2007 23:57:27 -0700
Hi All,
I've searching high and low for an answer but it doesn't look like
anyone has asked this question before. The company I work for has 5
domain controllers (all in separate locations - Aus, UK, India etc).
The company's main IT Dept (who I work for) admins all these servers,
though recently we have employed some systems admin contractors to
look after the AD servers in India.
The server is in a rack with no monitor attached so the only way for
these guys to log in is via RDP/Terminal Services. I have added their
user account in "Domain Controller Security Policy" -> "User Rights
Assignment" -> "Allow log on through Terminal Services".
So now they can logon remotely and administer the server (check event
logs, create users etc). I have also given them the right to shut down
the server, as from time to time they may need to bounce the server
for hardware upgrades etc.
Though I do not want them having RDP access or shutdown other servers
within the domain. Unfortunately the GPOs that I've edited give these
users those permissions throughout all domain controllers.
Is there a way to specify which domain controllers I want these users
to be able to RDP & shutdown.
.
- Follow-Ups:
- Re: Logon Using Terminal Services GPO
- From: Mathieu CHATEAU
- Re: Logon Using Terminal Services GPO
- Prev by Date: Re: Permit only one network logon per user
- Next by Date: Re: Microsoft PKI: problem with autoenrollment for domain controllers
- Previous by thread: Permit only one network logon per user
- Next by thread: Re: Logon Using Terminal Services GPO
- Index(es):
Relevant Pages
|
