RE: [ActiveDir] Remote Desktop

Thu, 25 Mar 2004 10:05:43 -0800 



well, at least on my xp box....

setting a gpo on my test ou....

computer configuration/administrative templates/windows components/terminal
services/allow users to connect remotely using terminal services...setting
this to enabled, checks the box, and greys it out....

imho, much better to use the built in fucntions than a custom adm file,
much easier to reverse.






|---------+---------------------------------->
|         |           "Darren Mar-Elia"      |
|         |           <[EMAIL PROTECTED]|
|         |           om>                    |
|         |           Sent by:               |
|         |           [EMAIL PROTECTED]|
|         |           tivedir.org            |
|         |                                  |
|         |                                  |
|         |           03/25/2004 10:50 AM    |
|         |           Please respond to      |
|         |           ActiveDir              |
|         |                                  |
|---------+---------------------------------->
  
>----------------------------------------------------------------------------------------------------------------------|
  |                                                                                    
                                  |
  |       To:       <[EMAIL PROTECTED]>                                                
                       |
  |       cc:                                                                          
                                  |
  |       Subject:  RE: [ActiveDir] Remote Desktop                                     
                                  |
  
>----------------------------------------------------------------------------------------------------------------------|





You can use this custom ADM to enable that little check box. I can't
claim credit for it however. It was posted by a guy named Joe Elway from
Ireland on the GPO forum I moderate. Pretty useful.


;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
CLASS MACHINE ;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

CATEGORY "Custom"
CATEGORY "Remote Control"

POLICY "Enable Remtoe Control"

#if version >= 4
SUPPORTED "XP and W2003"
#endif

KEYNAME "SYSTEM\CurrentControlSet\Control\Terminal Server"
EXPLAIN "Enable Remote Control"
VALUENAME "fDenyTSConnections"
VALUEON NUMERIC 0
VALUEOFF NUMERIC 1
END POLICY
END CATEGORY ; Custom
END CATEGORY ; Remote Control



-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Philadelphia,
Lynden - Revios Toronto
Sent: Thursday, March 25, 2004 7:41 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Remote Desktop

I thought that was the case "Domain Admins have access to Remote Desktop
by default".  But how do you activate it via AD.  If the Allow users to
connect remotely to this computer is not checked this is useless.


Lynden

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 25, 2004 9:17 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Remote Desktop





i have a question here:

unless something has changed, domain admins should be populated in the
local administrators group when you join the domain.......so, by default
they should have remote access rights.

there are ways to block this with policy, and the most obvious one would
be
to use restricted groups on the local administrators group, without
putting
in domain admins. that could be pretty dangerous, although, a custom
global
group could be populated in there for the rights.

but if everything is on the defaults, it should just be working on its
own.

what am i missing here?

thanks






|---------+---------------------------------->
|         |           "Seyboldt, Volker"     |
|         |           <[EMAIL PROTECTED]|
|         |           >                      |
|         |           Sent by:               |
|         |           [EMAIL PROTECTED]|
|         |           tivedir.org            |
|         |                                  |
|         |                                  |
|         |           03/24/2004 02:29 PM    |
|         |           Please respond to      |
|         |           ActiveDir              |
|         |                                  |
|---------+---------------------------------->

>-----------------------------------------------------------------------
----
---------------------------------------------|
  |
|
  |       To:       <[EMAIL PROTECTED]>
|
  |       cc:
|
  |       Subject:  RE: [ActiveDir] Remote Desktop
|

>-----------------------------------------------------------------------
----
---------------------------------------------|





yes you can
You can use restricted groups in group policies to add any group you
want
to the local "Remote Desktop Users" at each PC.
Members (Users and/or groups) of the PC's local ADministrator group are
also automatically allowed to connect remotly....

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Philadelphia,
Lynden - Revios Toronto
Sent: Wednesday, March 24, 2004 9:16 PM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Remote Desktop

Is there a way to add Domain Admins to the Remote Users of every pc in
our
Domain with AD and not go to every PC?


List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/



List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/























					Reply via email to