prevent remote desktop connections

Archived from groups: microsoft.public.win2000.security (More info?)

win2000 network

students are bringing in remote desktop software on disk and then gaining
control of other win2000 workstations. Is there not a simple setting in local
security or GPO or something that prevents all remote desktop connections?

please don't answer with 'use only allowed windows apps' in a GPO, as this
is not an option.
3 answers Last reply
More about prevent remote desktop connections
  1. Archived from groups: microsoft.public.win2000.security (More info?)

    If they are gaining control of other workstations then you have a problem with
    user group membership or passwords. You can use Domain Security Policy to
    enforce that users use passwords, enforce the complexity, and maximum password
    age. Other option are to disable file and print sharing on student computers or
    change the user right for access this computer from the network to be only
    domain admins for these computer. That can be done via Group Policy for specific
    groups of computers such as those in an OU. Ipsec filtering policy can also be
    configured via Group Policy to prevent student computers from accessing each
    other but still allow access to domain controllers and authorized computers that
    they need to access. The link below explains ipsec filtering more. --- Steve

    http://www.securityfocus.com/infocus/1559

    "Fabrussio" <Fabrussio@discussions.microsoft.com> wrote in message
    news:B7B221EF-556A-4B80-940A-56DB36E4709C@microsoft.com...
    > win2000 network
    >
    > students are bringing in remote desktop software on disk and then gaining
    > control of other win2000 workstations. Is there not a simple setting in local
    > security or GPO or something that prevents all remote desktop connections?
    >
    > please don't answer with 'use only allowed windows apps' in a GPO, as this
    > is not an option.
  2. Archived from groups: microsoft.public.win2000.security (More info?)

    I am not sure if I understand you question and for a complete answer I could
    use some more information.

    Would you like to completely disable access to terminal services or would
    you like to enable them just for few users?

    If you would like to enable this only for few users (administrators), you
    could create a group and add this group to "Allow logon locally" to GPO for
    the server or on Windows XP and Windows 2003 server add this group to "Allow
    access through Terminal Services". Any users that would not be member of
    groups added to such policy would not be allowed to logon to server using
    Terminal Service...

    --
    Mike
    Microsoft MVP - Windows Security

    "Fabrussio" <Fabrussio@discussions.microsoft.com> wrote in message
    news:B7B221EF-556A-4B80-940A-56DB36E4709C@microsoft.com...
    > win2000 network
    >
    > students are bringing in remote desktop software on disk and then gaining
    > control of other win2000 workstations. Is there not a simple setting in
    > local
    > security or GPO or something that prevents all remote desktop connections?
    >
    > please don't answer with 'use only allowed windows apps' in a GPO, as this
    > is not an option.
  3. Archived from groups: microsoft.public.win2000.security (More info?)

    Fabrussio wrote:
    > win2000 network
    >
    > students are bringing in remote desktop software on disk and then gaining
    > control of other win2000 workstations. Is there not a simple setting in local
    > security or GPO or something that prevents all remote desktop connections?
    >
    > please don't answer with 'use only allowed windows apps' in a GPO, as this
    > is not an option.

    1) Does your acceptable use policy forbid the running of non-authorised
    software? If it doesn't, then it ought to. You then have a student
    discipline issue which can be dealt with in the usual way, with any luck
    management will regard it as a very serious offence.

    2) You have no reason why they should run software from disks, therefore
    use security policies to prevent them running applications from this
    location (ditto anywhere else YOU haven't installed software).
Ask a new question

Read More

Remote Desktop Security Microsoft Windows