Guest
Archived from groups: microsoft.public.windowsxp.general, microsoft.public.windowsxp.security_admin
Hi, I have a problem with Remote Desktop that I hope somebody can help me
with:

Under WindowsXP Gold/SP1 we used to make use of Remote Desktop functionality.
Normally, users must be a member of the local 'Remote Desktop Users' group
before they could log on via Remote Desktop. However, if they were already
logged into the target workstation (and had locked it etc.) then they could
Remote Desktop to it without being in the local Remote Desktop Users group.
This was most useful, as it meant that people could use their 'own' machine,
but not connect to any others.

Under WindowsXP SP2, this no longer works and users MUST be a member of the
'Remote Desktop Users' group before connecting. (BTW I know that this is not
a firewall issue, as if I place the user account into the Remote Desktop
Users group they can connect OK.) A little digging with Security Analysis
shows the following:

SP1 - Allow Logon Through Terminal Services = Administrators, Users
SP2 - Allow Logon Through Terminal Services = Administrators, Remote Desktop Users

OK, so I found a difference. So I used GP to add the Users group into the
'Allow Logon Through Terminal Services' right. However, sadly this now means
that ANYBODY can Remote Desktop to a machine, which is not what I want.

Does anybody know if this change in SP2 was deliberate, and if a workaround
exists? We are keen to make the Remote Desktop functionality available to
the person who is currently logged on to the workstation, without having to
put individuals into the local group, and without letting anybody else
connect.

Many thanks
--
Jim Watts,
Technology Consultant
Information Systems Services
University of Southampton
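
An added example, not part of the original post: a small Python audit that reads a user-rights export and reports who holds 'Allow Logon Through Terminal Services', flagging the broad grant described above. It assumes the export came from `secedit /export /cfg <file> /areas USER_RIGHTS`, where this right appears as `SeRemoteInteractiveLogonRight`; the sample exports and function names are constructed for illustration.

```python
import re

RIGHT = "SeRemoteInteractiveLogonRight"  # 'Allow Logon Through Terminal Services'

# Well-known SIDs; secedit writes them with a leading '*'.
WELL_KNOWN = {
    "S-1-5-32-544": "Administrators",
    "S-1-5-32-545": "Users",
    "S-1-5-32-555": "Remote Desktop Users",
    "S-1-1-0": "Everyone",
    "S-1-5-11": "Authenticated Users",
}
# Groups that in effect grant the right to every account on the machine.
BROAD = {"Users", "Everyone", "Authenticated Users"}

def holders(inf_text, right=RIGHT):
    """Return the principals assigned `right` under [Privilege Rights]."""
    section = None
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or INF comment
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if section != "privilege rights" or "=" not in line:
            continue
        name, _, value = line.partition("=")
        if name.strip().lower() != right.lower():
            continue
        items = [v.strip().lstrip("*") for v in value.split(",") if v.strip()]
        # Map known SIDs to names; keep unknown SIDs and plain names as-is.
        return [WELL_KNOWN.get(item, item) for item in items]
    return []  # right not present in the export

def broad_holders(inf_text):
    """Return the holders that open the right to all users, sorted."""
    return sorted(set(holders(inf_text)) & BROAD)

# Constructed samples mirroring the two settings quoted in the post.
SP1_EXPORT = "[Privilege Rights]\nSeRemoteInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-545\n"
SP2_EXPORT = "[Privilege Rights]\nSeRemoteInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-555\n"

if __name__ == "__main__":
    for label, text in (("SP1", SP1_EXPORT), ("SP2", SP2_EXPORT)):
        print(label, holders(text), "broad:", broad_holders(text))
```

Real secedit exports are normally UTF-16 encoded, so decode the file accordingly before passing its text to `holders`.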