I don't have an answer to your question - but I'd love to know where this "best practice" is documented, in any of Microsoft's documentation, NIST documentation, ITIL, or where?
From: James Rankin [mailto:[email protected]] Sent: Wednesday, April 11, 2012 9:52 AM To: NT System Admin Issues Subject: Changing permissions on RDP connector via Registry I have a client with a requirement to remove the Remote Desktop Users group from the security page on the RDP connector so that only admins can use RDP. I have floated the idea of simply controlling the Remote Desktop Users group, but they were recommended this "best practice" by a separate company and are intent on implementing it. Short of visiting each RDS server and running tsconfig.msc, is there any way I can remove Remote Desktop Users from the security tab by GPO or Registry setting? I can't find a GPO setting for it, so I am hoping someone knows the Registry key that pertains to this....my Google-fu appears sadly lacking today. TIA, JRR ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
