This comes from an earlier email in this list on how to add additional users
to log in to WIN2K Terminal Server in remote admin mode.
-----------------------------
Open Terminal Services Configuration (it's in Administrative Tools)
In the command pane (the left-hand pane of the MMC console), click on
"Connections."
In the right-hand pane, you'll see an icon representing a connection (a hard
disk atop a network connection) and the words "RDP-Tcp," "tcp," and
"Microsoft RDP 5.0." Double-click the icon to bring up its Properties
dialog, or just right-click the icon and choose "Properties." You'll see a
property page labeled "RDP-Tcp Properties."
Click the "Permissions" tab.
Note that right now, the tab shows only the System account and the local
Administrators group. Add any person or group that you like, and they'll be
able to log onto the server via Terminal Services
-------------------
My guess is if you removed the Domain Admins from the local admin group on
the Terminal Server, and included the Domain Users group into the
Permissions Tab, you should be good to go. Create a local admin account, or
alternatively add one user account to the local admin group, and if you want
to, you should be able to deny access for that account in the permissions
tab in Terminal Services Configuration. That way the one account that can
administer the server, can only do so from the console.
Again, this is theory, as I cannot test this out, but I am sure one of the
incredibly bright and professional individuals who I am happy to call
colleagues will be able to find any holes in my advice. I hope this helps
you, and I apologize if I offended you with my comments, I was just trying
to be clever.
-----Original Message-----
From: Ralph Davis [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 29, 2001 8:43 AM
To: NT System Admin Issues
Subject: Re:Denying TS Access to admin
If I was going to try something like this I would create a group and put all
the
domain admins in it and then deny this group the right to access the TS from
the
network.
ralph
____________________Reply Separator____________________
Subject: Denying TS Access to admin
Author: NT System Admin Issues <[EMAIL PROTECTED]>
Date: 08/29/2001 1:50 AM
Hi,
Under W2K Server; does anybody have some smart idea about how to deny
Terminal Services access to administrators while allowing regular users ?
If I somehow deny access to the administrator group, I end up with access
being denied to all or even the TS logon process impossible through some
secondary effect.
I want to be sure that whatever happens the Admin logs on the physical
console
thanks in advance,
Marc Neiger
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
