Remote Desktop and Service Pack 2
Last response: in Windows XP
Archived from groups: microsoft.public.windowsxp.general,microsoft.public.windowsxp.security_admin (More info?)
Hi, i have a problem with Remote Desktop that i hope somebody can help me
with:
Under WindowsXP Gold/SP1 we used make use of Remote Desktop functionality.
Normally, users must be a member of the local 'Remote Desktop Users' group
before they could logon via Remote Desktop. However, if they were already
logged into the target workstation (and had locked it etc) then they could
Remote Desktop to it without being in the local Remote Desktop Users group.
This was most useful, as it meant that people could use their 'own' machine,
but not connect to any others.
Under WindowsXP SP2, this no longer works and users MUST be a member of the
'Remote Desktop Users' group before connecting. (BTW I know that this is not
a firewall issue, as if i place the user account into the Remote Desktop
users group they can connect OK). A little digging with Security Analysis
shows the following:
SP1 - Allow Logon Through Terminal Services = Administrators, Users
SP2 - Allow Logon Through Terminal Services = Administrators, Remote Desktop
Users
Ok, so i found a difference. so I used GP to add the Users group into the
'Allow Logon Through Terminal Services' right. However, sadly this now means
that ANYBODY can Remote Desktop to a machine, which is not what i want.
Does anybody know if this change in SP2 was deliberate, and if a workaround
exists? We are keen to make the Remote Desktop functionaility available to
the person who is currently logged on to the workstation, without having to
put individuals into the local group, and without letting anybody else
connect
Many thanks
--
Jim Watts,
Technology Consultant
Information Systems Services
University of Southampton
Hi, i have a problem with Remote Desktop that i hope somebody can help me
with:
Under WindowsXP Gold/SP1 we used make use of Remote Desktop functionality.
Normally, users must be a member of the local 'Remote Desktop Users' group
before they could logon via Remote Desktop. However, if they were already
logged into the target workstation (and had locked it etc) then they could
Remote Desktop to it without being in the local Remote Desktop Users group.
This was most useful, as it meant that people could use their 'own' machine,
but not connect to any others.
Under WindowsXP SP2, this no longer works and users MUST be a member of the
'Remote Desktop Users' group before connecting. (BTW I know that this is not
a firewall issue, as if i place the user account into the Remote Desktop
users group they can connect OK). A little digging with Security Analysis
shows the following:
SP1 - Allow Logon Through Terminal Services = Administrators, Users
SP2 - Allow Logon Through Terminal Services = Administrators, Remote Desktop
Users
Ok, so i found a difference. so I used GP to add the Users group into the
'Allow Logon Through Terminal Services' right. However, sadly this now means
that ANYBODY can Remote Desktop to a machine, which is not what i want.
Does anybody know if this change in SP2 was deliberate, and if a workaround
exists? We are keen to make the Remote Desktop functionaility available to
the person who is currently logged on to the workstation, without having to
put individuals into the local group, and without letting anybody else
connect
Many thanks
--
Jim Watts,
Technology Consultant
Information Systems Services
University of Southampton
More about : remote desktop service pack
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)
Hi Jim,
I have noticed you submitted another thread to discuss the same issue. In
order to keep the thread clean, would you mind we discuss this issue in
another thread?
Thank you for your understanding!
Best regards,
Rebecca Chen
MCSE2000 MCDBA CCNA
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
Hi Jim,
I have noticed you submitted another thread to discuss the same issue. In
order to keep the thread clean, would you mind we discuss this issue in
another thread?
Thank you for your understanding!
Best regards,
Rebecca Chen
MCSE2000 MCDBA CCNA
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)
> In order to keep the thread clean, would you mind we discuss this issue in
> another thread?
Sure, no problem. Does that mean i can look forward to an answer in the
windowsxp.general thread then? :-)
--
Jim Watts,
Technology Consultant
Information Systems Services
University of Southampton
"Rebecca Chen [MSFT]" <v-rebc@online.microsoft.com> wrote in message
news:ZpON38EBFHA.2660@cpmsftngxa10.phx.gbl...
> Hi Jim,
>
> I have noticed you submitted another thread to discuss the same issue. In
> order to keep the thread clean, would you mind we discuss this issue in
> another thread?
>
> Thank you for your understanding!
>
> Best regards,
>
> Rebecca Chen
>
> MCSE2000 MCDBA CCNA
>
>
> Microsoft Online Partner Support
> Get Secure! - www.microsoft.com/security
>
> =====================================================
>
> When responding to posts, please "Reply to Group" via your newsreader so
> that others may learn and benefit from your issue.
>
> =====================================================
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>
> In order to keep the thread clean, would you mind we discuss this issue in
> another thread?
Sure, no problem. Does that mean i can look forward to an answer in the
windowsxp.general thread then? :-)
--
Jim Watts,
Technology Consultant
Information Systems Services
University of Southampton
"Rebecca Chen [MSFT]" <v-rebc@online.microsoft.com> wrote in message
news:ZpON38EBFHA.2660@cpmsftngxa10.phx.gbl...
> Hi Jim,
>
> I have noticed you submitted another thread to discuss the same issue. In
> order to keep the thread clean, would you mind we discuss this issue in
> another thread?
>
> Thank you for your understanding!
>
> Best regards,
>
> Rebecca Chen
>
> MCSE2000 MCDBA CCNA
>
>
> Microsoft Online Partner Support
> Get Secure! - www.microsoft.com/security
>
> =====================================================
>
> When responding to posts, please "Reply to Group" via your newsreader so
> that others may learn and benefit from your issue.
>
> =====================================================
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)
Yes, currently, I am building up the enviornment to test it.![:)]( ":)")
Thank you for your patience!
Best regards,
Rebecca Chen
MCSE2000 MCDBA CCNA
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
Yes, currently, I am building up the enviornment to test it.
Thank you for your patience!
Best regards,
Rebecca Chen
MCSE2000 MCDBA CCNA
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
Related ressources:
- ForumWinServ 2003 Enterprise: Fails Service Pack2 + RDP fails to init
- ForumUrgent - Win XP Terminal Service ( remote desktop connection)
- ForumWindows XP Service Pack 2
- ForumVista Service Pack 3
- ForumDO NOT INSTALL Service Pack 3!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
- ForumInstalled Service Pack 2 - All I get is a desktop picture
- ForumServer 2 K3 Remote Desktop Access - is this right place?
- ForumXP Service Pack 2 does not include Bluetooth devices
- ForumService Pack 2 ?
- ForumService Pack 2 installation
- ForumService Pack 2 Installation Package
- ForumService Pack 2 ?
- ForumXP Service Pack 2 Deployment - Unique Problem
- ForumRemote Desktop Connection Issue
- ForumRemote Desktop ?
- ForumRemote Desktop Connection does not encrypt with ipsec
- ForumRemote Desktop
- Forumremote desktop
- ForumGetting past administrative password
- ForumUnable to connect to WMI service 'rootcimv2'
- More resources
Read discussions in other Windows XP categories
!
