Hi,
It seems like my question raised more issues than answers :-)
The TS is going to be in a DMZ and accessible somehow from the internet. For
security, I'd like to restrict access so that it can not be administered if
you do not have physical access, and so, I want to deny TS access to
administrators. Maybe someone can come up with a better principle ?
As for what I tried, it is fairly simple, I tried fiddling with the
permission tab in the RDP connexion, trying to deny access to admin "total
control" or also trying individual rights in the advanced pane. Maybe I
wasn't able to find the proper combination.
Thanks,
Marc Neiger
Groupe Synergie Informatique
> -----Original Message-----
> From: Kent Spencer [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, August 29, 2001 12:36 PM
> To: NT System Admin Issues
> Subject: Re: Denying TS Access to admin
>
>
> .. how did you disable the Administrator group to make it break?
>
> --- Marc Neiger <[EMAIL PROTECTED]> wrote:
> Hi,
>
> Under W2K Server; does anybody have some smart idea about how to deny
> Terminal Services access to administrators while allowing regular
> users ?
>
> If I somehow deny access to the administrator group, I end up with
> access being denied to all or even the TS logon process impossible
> through some secondary effect.
>
> I want to be sure that whatever happens the Admin logs on the physical
> console
>
> thanks in advance,
> Marc Neiger
>
>
> __________________________________________________
> Do You Yahoo!?
> Make international calls for as low as $.04/minute with
> Yahoo! Messenger
> http://phonecard.yahoo.com/
>
> http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
>
>
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm