Yea, that works too :-) -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, March 25, 2004 9:59 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Remote Desktop
well, at least on my xp box.... setting a gpo on my test ou.... computer configuration/administrative templates/windows components/terminal services/allow users to connect remotely using terminal services...setting this to enabled, checks the box, and greys it out.... imho, much better to use the built in fucntions than a custom adm file, much easier to reverse. |---------+----------------------------------> | | "Darren Mar-Elia" | | | <[EMAIL PROTECTED]| | | om> | | | Sent by: | | | [EMAIL PROTECTED]| | | tivedir.org | | | | | | | | | 03/25/2004 10:50 AM | | | Please respond to | | | ActiveDir | | | | |---------+----------------------------------> >----------------------------------------------------------------------- -----------------------------------------------| | | | To: <[EMAIL PROTECTED]> | | cc: | | Subject: RE: [ActiveDir] Remote Desktop | >----------------------------------------------------------------------- -----------------------------------------------| You can use this custom ADM to enable that little check box. I can't claim credit for it however. It was posted by a guy named Joe Elway from Ireland on the GPO forum I moderate. Pretty useful. ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; CLASS MACHINE ;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; CATEGORY "Custom" CATEGORY "Remote Control" POLICY "Enable Remtoe Control" #if version >= 4 SUPPORTED "XP and W2003" #endif KEYNAME "SYSTEM\CurrentControlSet\Control\Terminal Server" EXPLAIN "Enable Remote Control" VALUENAME "fDenyTSConnections" VALUEON NUMERIC 0 VALUEOFF NUMERIC 1 END POLICY END CATEGORY ; Custom END CATEGORY ; Remote Control -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Philadelphia, Lynden - Revios Toronto Sent: Thursday, March 25, 2004 7:41 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Remote Desktop I thought that was the case "Domain Admins have access to Remote Desktop by default". But how do you activate it via AD. If the Allow users to connect remotely to this computer is not checked this is useless. Lynden -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Thursday, March 25, 2004 9:17 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Remote Desktop i have a question here: unless something has changed, domain admins should be populated in the local administrators group when you join the domain.......so, by default they should have remote access rights. there are ways to block this with policy, and the most obvious one would be to use restricted groups on the local administrators group, without putting in domain admins. that could be pretty dangerous, although, a custom global group could be populated in there for the rights. but if everything is on the defaults, it should just be working on its own. what am i missing here? thanks |---------+----------------------------------> | | "Seyboldt, Volker" | | | <[EMAIL PROTECTED]| | | > | | | Sent by: | | | [EMAIL PROTECTED]| | | tivedir.org | | | | | | | | | 03/24/2004 02:29 PM | | | Please respond to | | | ActiveDir | | | | |---------+----------------------------------> >----------------------------------------------------------------------- ---- ---------------------------------------------| | | | To: <[EMAIL PROTECTED]> | | cc: | | Subject: RE: [ActiveDir] Remote Desktop | >----------------------------------------------------------------------- ---- ---------------------------------------------| yes you can You can use restricted groups in group policies to add any group you want to the local "Remote Desktop Users" at each PC. Members (Users and/or groups) of the PC's local ADministrator group are also automatically allowed to connect remotly.... From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Philadelphia, Lynden - Revios Toronto Sent: Wednesday, March 24, 2004 9:16 PM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] Remote Desktop Is there a way to add Domain Admins to the Remote Users of every pc in our Domain with AD and not go to every PC? List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
