I must grant only domain admin members to open a server desktop session. How to limit desktop access to some computers (typically servers) for some groups only?
Asked
Active
Viewed 1,452 times
1 Answers
4
If you mean terminal server sessions : You could make your AD group which you want to have access member of local group "Remote Desktop Users" on servers you wish.
If you mean on real console session : You shoud make an GPO with "Allow log on locally" configured for these groups in : Computer Configuration -> Policies -> Windows settings -> Security settings -> Local policies -> User Rights Assignment -> Allow log on localy.
Be sure to add "Administrators" local group first !
Use Security Filtering to apply this GPO only to servers you wish.
If it is only for one or two servers maybe Domain GPO is overkill, you could set this localy from Administrative Tools -> Local Security Policy -> Security Settings -> Local Policies -> User Rights Assigment -> Allow logon localy.
DUAdmin
- 56
- 1
- 5