Remote Desktop and Service Pack 2

G

Guest

Guest
Archived from groups: microsoft.public.windowsxp.general,microsoft.public.windowsxp.security_admin (More info?)

Hi, i have a problem with Remote Desktop that i hope somebody can help me
with:

Under WindowsXP Gold/SP1 we used make use of Remote Desktop functionality.
Normally, users must be a member of the local 'Remote Desktop Users' group
before they could logon via Remote Desktop. However, if they were already
logged into the target workstation (and had locked it etc) then they could
Remote Desktop to it without being in the local Remote Desktop Users group.
This was most useful, as it meant that people could use their 'own' machine,
but not connect to any others.

Under WindowsXP SP2, this no longer works and users MUST be a member of the
'Remote Desktop Users' group before connecting. (BTW I know that this is not
a firewall issue, as if i place the user account into the Remote Desktop
users group they can connect OK). A little digging with Security Analysis
shows the following:

SP1 - Allow Logon Through Terminal Services = Administrators, Users
SP2 - Allow Logon Through Terminal Services = Administrators, Remote Desktop
Users

Ok, so i found a difference. so I used GP to add the Users group into the
'Allow Logon Through Terminal Services' right. However, sadly this now means
that ANYBODY can Remote Desktop to a machine, which is not what i want.

Does anybody know if this change in SP2 was deliberate, and if a workaround
exists? We are keen to make the Remote Desktop functionaility available to
the person who is currently logged on to the workstation, without having to
put individuals into the local group, and without letting anybody else
connect

Many thanks
--
Jim Watts,
Technology Consultant
Information Systems Services
University of Southampton
 
G

Guest

Guest
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Hi Jim,

I have noticed you submitted another thread to discuss the same issue. In
order to keep the thread clean, would you mind we discuss this issue in
another thread?

Thank you for your understanding!

Best regards,

Rebecca Chen

MCSE2000 MCDBA CCNA


Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security

=====================================================

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.

=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
 
G

Guest

Guest
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

> In order to keep the thread clean, would you mind we discuss this issue in
> another thread?

Sure, no problem. Does that mean i can look forward to an answer in the
windowsxp.general thread then? :)

--
Jim Watts,
Technology Consultant
Information Systems Services
University of Southampton

"Rebecca Chen [MSFT]" <v-rebc@online.microsoft.com> wrote in message
news:ZpON38EBFHA.2660@cpmsftngxa10.phx.gbl...
> Hi Jim,
>
> I have noticed you submitted another thread to discuss the same issue. In
> order to keep the thread clean, would you mind we discuss this issue in
> another thread?
>
> Thank you for your understanding!
>
> Best regards,
>
> Rebecca Chen
>
> MCSE2000 MCDBA CCNA
>
>
> Microsoft Online Partner Support
> Get Secure! - www.microsoft.com/security
>
> =====================================================
>
> When responding to posts, please "Reply to Group" via your newsreader so
> that others may learn and benefit from your issue.
>
> =====================================================
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>
 
G

Guest

Guest
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Yes, currently, I am building up the enviornment to test it. :)

Thank you for your patience!

Best regards,

Rebecca Chen

MCSE2000 MCDBA CCNA


Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security

=====================================================

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.

=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.