Hello,

I want to set up my win 2003 server (with Terminal Server (TS) role)
so that all users (non-admin, or specified exceptions) have the right
to log in interactively only via TS, but not via console login. This
restriction should not be domain-wide, but only on the TS/DC itself.
Knowing the flexibility of Windows I am sure this can be done. I am
totally comfortable with messing with something like scripting or wmi
filtering if there's no "user-friendly" way of achieving this.

Thank you.

Re: Restricting interactive login only to terminal services by jwgoerlich

jwgoerlich
Thu May 10 11:04:07 CDT 2007

Greetings,

To restate your goal, grant users in a specified group access to the
computer via RDP and yet block them from logging onto the console.

Open Local Security Policy
Expand Security Settings > Local Policies > User Rights Assignment

Add the specified group to two policies:

Allow log on through Terminal Services
Deny log on locally

Regards,

J Wolfgang Goerlich

On May 10, 7:17 am, parahumanoid <parahuman...@excite.com> wrote:
> Hello,
>
> I want to set up my win 2003 server (with Terminal Server (TS) role)
> so that all users (non-admin, or specified exceptions) have the right
> to log in interactively only via TS, but not via console login. This
> restriction should not be domain-wide, but only on the TS/DC itself.
> Knowing the flexibility of Windows I am sure this can be done. I am
> totally comfortable with messing with something like scripting or wmi
> filtering if there's no "user-friendly" way of achieving this.
>
> Thank you.
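
The two user rights named in the reply above can be verified from a `secedit /export /cfg rights.inf /areas USER_RIGHTS` export. This is an added example, not part of the original posts: the group SID and the sample export are constructed, and principals are matched only as literally written in the export (no nested-group resolution).

```python
# Added example: audit a `secedit /export /areas USER_RIGHTS` template.
ALLOW_RDP = "SeRemoteInteractiveLogonRight"     # Allow log on through Terminal Services
DENY_LOCAL = "SeDenyInteractiveLogonRight"      # Deny log on locally
DENY_RDP = "SeDenyRemoteInteractiveLogonRight"  # Deny log on through Terminal Services
ADMINS = "*S-1-5-32-544"                        # well-known SID of BUILTIN\Administrators

# Constructed sample export; the group SID is a placeholder, not a real value.
TS_GROUP = "*S-1-5-21-1111111111-2222222222-3333333333-1105"
SAMPLE_INF = f"""[Unicode]
Unicode=yes
[Privilege Rights]
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-551
SeRemoteInteractiveLogonRight = *S-1-5-32-544,{TS_GROUP}
SeDenyInteractiveLogonRight = {TS_GROUP}
[Version]
signature="$CHICAGO$"
Revision=1
"""

def parse_rights(inf_text):
    """Return {right: set(principals)} from the [Privilege Rights] section."""
    rights, in_section = {}, False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
        elif in_section and "=" in line:
            name, _, value = line.partition("=")
            rights[name.strip()] = {p.strip().lower() for p in value.split(",") if p.strip()}
    return rights

def audit(inf_text, group):
    """List deviations from the two-policy setup for `group` (SID or name)."""
    rights, g, findings = parse_rights(inf_text), group.lower(), []
    if g not in rights.get(ALLOW_RDP, set()):
        findings.append(f"{group} missing from {ALLOW_RDP}")
    if g not in rights.get(DENY_LOCAL, set()):
        findings.append(f"{group} missing from {DENY_LOCAL}")
    if g in rights.get(DENY_RDP, set()):
        findings.append(f"{group} is in {DENY_RDP}; deny overrides the allow")
    if ADMINS.lower() in rights.get(DENY_LOCAL, set()):
        findings.append(f"Administrators is in {DENY_LOCAL}; admins cannot log on at the console")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_INF, TS_GROUP) or ["OK: policy matches"]:
        print(finding)
```

secedit writes its export as UTF-16, so a real file should be read with `open(path, encoding="utf-16")` before passing the text to `audit`.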



Re: Restricting interactive login only to terminal services by parahumanoid

parahumanoid
Thu May 10 12:09:46 CDT 2007

Silly me,

For some reason I recalled the policy object containing a policy about
_interactive_ login (which would include both local and rdp, if it
were the case). My memory is playing tricks on me. Thank you.


Re: Restricting interactive login only to terminal services by Roger

Roger
Thu May 10 16:15:57 CDT 2007

"parahumanoid" <parahumanoid@excite.com> wrote in message
news:1178816986.237638.77470@e65g2000hsc.googlegroups.com...
> Silly me,
>
> For some reason I recalled the policy object containing a policy about
> _interactive_ login (which would include both local and rdp, if it
> were the case). My memory is playing tricks on me. Thank you.
>

No, not playing tricks, just not tabulating in time.
What you recall is pre-XP era.