Disabling RDC in a Domain

G

Guest

Guest
Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

Is there a setting in group policy that can disable a user of a winxp pro w/s
from using remote desktop in a domain environment ?
--
Vicky279
 
Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

Vicky279 wrote:
> Is there a setting in group policy that can disable a user of a winxp
> pro w/s from using remote desktop in a domain environment ?

Remote desktop connection to what? Do you mean, you want to enable RD on
your network, but not allow an individual user to use a specific machine or
group of machines? I wouldn't do this via group policy - I'd create a domain
group that contains user objects permitted to use RD, and add that group to
the computers hosting RD in the properties therein. You can add/remove users
from that group easily on the server.
 
Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

The problem is that all the way up until 2 days ago I was able to access my
job pc by vpning into the domain then launching my rdc client on my laptop to
access my machine. Barring someone closing off the port 3389 on the pix
firewall I was trying to figure out how I could have been locked out and no
one else was.Is there a setting in a domain gpo ( not my machine local
policy) that could accomplish this? Is there some other way?

"Lanwench [MVP - Exchange]" wrote:

> Vicky279 wrote:
> > Is there a setting in group policy that can disable a user of a winxp
> > pro w/s from using remote desktop in a domain environment ?
>
> Remote desktop connection to what? Do you mean, you want to enable RD on
> your network, but not allow an individual user to use a specific machine or
> group of machines? I wouldn't do this via group policy - I'd create a domain
> group that contains user objects permitted to use RD, and add that group to
> the computers hosting RD in the properties therein. You can add/remove users
> from that group easily on the server.
>
>
>
 
Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

Vicky279 wrote:
> The problem is that all the way up until 2 days ago I was able to
> access my job pc by vpning into the domain then launching my rdc
> client on my laptop to access my machine. Barring someone closing off
> the port 3389 on the pix firewall I was trying to figure out how I
> could have been locked out and no one else was.Is there a setting in
> a domain gpo ( not my machine local policy) that could accomplish
> this? Is there some other way?

Are there other admins on this network, and did you ask them if they changed
anything? If you have the VPN tunnel enabled, it seems unlikely that this is
a port issue, but it's hard to say with so little info.

What error messages are you getting when you try to use RD to that desktop?
Can you use it to any other one? Can you or anyone else connect using RD to
that desktop from a computer on the LAN?
>
> "Lanwench [MVP - Exchange]" wrote:
>
>> Vicky279 wrote:
>>> Is there a setting in group policy that can disable a user of a
>>> winxp pro w/s from using remote desktop in a domain environment ?
>>
>> Remote desktop connection to what? Do you mean, you want to enable
>> RD on your network, but not allow an individual user to use a
>> specific machine or group of machines? I wouldn't do this via group
>> policy - I'd create a domain group that contains user objects
>> permitted to use RD, and add that group to the computers hosting RD
>> in the properties therein. You can add/remove users from that group
>> easily on the server.
 
Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

A few additional thoughts:

1. Did you get SP2 installed on your work machine? If so, has the
Windows Firewall been enabled? This could be blocking your access.

2. Yes, you can turn off Remote Desktop via Group Policy.
---
Jeffrey Randow (Windows Networking MVP)
jeffreyr-support@remotenetworktechnology.com

Please post all responses to the newsgroups for the benefit
of all USENET users. Messages sent via email may or may not
be answered depending on time availability....

Remote Networking Technology Support Site -
http://www.remotenetworktechnology.com
Windows Network Technology Community -
http://www.microsoft.com/windowsserver2003/community/centers/networking/default.mspx
Windows Home Networking Community -
http://www.microsoft.com/windowsxp/expertzone/communities/wireless.mspx
On Mon, 15 Nov 2004 13:27:56 -0500, "Lanwench [MVP - Exchange]"
<lanwench@heybuddy.donotsendme.unsolicitedmail.atyahoo.com> wrote:

>Vicky279 wrote:
>> The problem is that all the way up until 2 days ago I was able to
>> access my job pc by vpning into the domain then launching my rdc
>> client on my laptop to access my machine. Barring someone closing off
>> the port 3389 on the pix firewall I was trying to figure out how I
>> could have been locked out and no one else was.Is there a setting in
>> a domain gpo ( not my machine local policy) that could accomplish
>> this? Is there some other way?
>
>Are there other admins on this network, and did you ask them if they changed
>anything? If you have the VPN tunnel enabled, it seems unlikely that this is
>a port issue, but it's hard to say with so little info.
>
>What error messages are you getting when you try to use RD to that desktop?
>Can you use it to any other one? Can you or anyone else connect using RD to
>that desktop from a computer on the LAN?
>>
>> "Lanwench [MVP - Exchange]" wrote:
>>
>>> Vicky279 wrote:
>>>> Is there a setting in group policy that can disable a user of a
>>>> winxp pro w/s from using remote desktop in a domain environment ?
>>>
>>> Remote desktop connection to what? Do you mean, you want to enable
>>> RD on your network, but not allow an individual user to use a
>>> specific machine or group of machines? I wouldn't do this via group
>>> policy - I'd create a domain group that contains user objects
>>> permitted to use RD, and add that group to the computers hosting RD
>>> in the properties therein. You can add/remove users from that group
>>> easily on the server.
>