Tom's Hardware > Forum > Windows 2000/NT > Windows 2000/NT General Discussion > prevent remote desktop connections

prevent remote desktop connections

Forum Windows 2000/NT : Windows 2000/NT General Discussion - prevent remote desktop connections

Tom's Hardware: Over 1.4 million members in 6 different countries available to answer all your high-tech questions. Sign up now! Its free!
Ask the community Add a reply
Word :    Username :           
 
Anonymous   02-23-2005 at 04:51:02 PM

Archived from groups: microsoft.public.win2000.security (More info?)

 

win2000 network

students are bringing in remote desktop software on disk and then gaining
control of other win2000 workstations. Is there not a simple setting in local
security or GPO or something that prevents all remote desktop connections?

please don't answer with 'use only allowed windows apps' in a GPO, as this
is not an option.

Add a reply
Sponsored Links
Register or log in to remove.
Anonymous   02-24-2005 at 06:07:35 AM
- 0 +

Archived from groups: microsoft.public.win2000.security (More info?)

 

I am not sure if I understand you question and for a complete answer I could
use some more information.

Would you like to completely disable access to terminal services or would
you like to enable them just for few users?

If you would like to enable this only for few users (administrators), you
could create a group and add this group to "Allow logon locally" to GPO for
the server or on Windows XP and Windows 2003 server add this group to "Allow
access through Terminal Services". Any users that would not be member of
groups added to such policy would not be allowed to logon to server using
Terminal Service...

--
Mike
Microsoft MVP - Windows Security

"Fabrussio" <Fabrussio@discussions.microsoft.com> wrote in message
news:B7B221EF-556A-4B80-940A-56DB36E4709C@microsoft.com...
> win2000 network
>
> students are bringing in remote desktop software on disk and then gaining
> control of other win2000 workstations. Is there not a simple setting in
> local
> security or GPO or something that prevents all remote desktop connections?
>
> please don't answer with 'use only allowed windows apps' in a GPO, as this
> is not an option.

Reply to Anonymous
Anonymous   02-24-2005 at 05:06:38 AM
- 0 +

Archived from groups: microsoft.public.win2000.security (More info?)

 

If they are gaining control of other workstations then you have a problem with
user group membership or passwords. You can use Domain Security Policy to
enforce that users use passwords, enforce the complexity, and maximum password
age. Other option are to disable file and print sharing on student computers or
change the user right for access this computer from the network to be only
domain admins for these computer. That can be done via Group Policy for specific
groups of computers such as those in an OU. Ipsec filtering policy can also be
configured via Group Policy to prevent student computers from accessing each
other but still allow access to domain controllers and authorized computers that
they need to access. The link below explains ipsec filtering more. --- Steve

http://www.securityfocus.com/infocus/1559

"Fabrussio" <Fabrussio@discussions.microsoft.com> wrote in message
news:B7B221EF-556A-4B80-940A-56DB36E4709C@microsoft.com...
> win2000 network
>
> students are bringing in remote desktop software on disk and then gaining
> control of other win2000 workstations. Is there not a simple setting in local
> security or GPO or something that prevents all remote desktop connections?
>
> please don't answer with 'use only allowed windows apps' in a GPO, as this
> is not an option.

Reply to Anonymous
Anonymous   02-24-2005 at 03:29:19 PM
- 0 +

Archived from groups: microsoft.public.win2000.security (More info?)

 

Fabrussio wrote:
> win2000 network
>
> students are bringing in remote desktop software on disk and then gaining
> control of other win2000 workstations. Is there not a simple setting in local
> security or GPO or something that prevents all remote desktop connections?
>
> please don't answer with 'use only allowed windows apps' in a GPO, as this
> is not an option.

1) Does your acceptable use policy forbid the running of non-authorised
software? If it doesn't, then it ought to. You then have a student
discipline issue which can be dealt with in the usual way, with any luck
management will regard it as a very serious offence.

2) You have no reason why they should run software from disks, therefore
use security policies to prevent them running applications from this
location (ditto anywhere else YOU haven't installed software).

Reply to Anonymous
Ask the community Add a reply
Tom's Hardware > Forum > Windows 2000/NT > Windows 2000/NT General Discussion > prevent remote desktop connections
Go to:

There are 856 identified and unidentified users. To see the list of identified users, Click here.

Forum map
Bestofmedia Forum ©
2000-2009 Bestofmedia Group
Page generated in 0.431 seconds
Please mind

You are about to answer a thread that has been inactive for more than 6 months.
If you still wish to proceed, please ensure that your posting is original and does not duplicate or overlap any prior responses to this thread.

Add a reply Cancel
Sponsored links
  • Ask the community now
  • Publish
Ad
Related Topics
See all relatives topics
They won a badge
Join us in greeting them
How do I win badges?