RE: [ActiveDir] Terminal Services Permissions

2003-07-21 Thread SEYBOLDT,VOLKER (HP-Germany,ex1)
Hi,

Yes it's indeed the permission on the RPC Connection. You should use
"terminal services configurations" MMC to see rdp permissions. You can allow
the RDP only for those you want. The other option you can set, is the "log
on locally" in group policy.

Regards
Volker

-Original Message-
From: Sullivan, Kevin [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, July 22, 2003 1:53 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Terminal Services Permissions


It is permissions on the RPC connection itself via the TS manager. (I think
that is where it is). The default is Domain Admins it sounds like someone
changed the default and allowed other users to access the Server in
Administration Mode. You should still only be allowed 2 remote connections
though.

Kevin

-Original Message-
From: Richard Sumilang [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 21, 2003 6:42 PM
To: [EMAIL PROTECTED]

How do I block certain users from being able to connect to my terminal 
server running in Remote Administration mode? I just installed it but 
all users can log in to the server and manage it which isn't very good 
:-\

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


RE: [ActiveDir] Terminal Services Permissions

2003-07-21 Thread Rick Kingslan
We knew what you meant, Kevin

;-)

Rick Kingslan  MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
  

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Sullivan, Kevin
Sent: Monday, July 21, 2003 8:03 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Terminal Services Permissions

RDP, RPC man I keep getting TLA confusion today. 

-Original Message-
From: Joe [mailto:[EMAIL PROTECTED]
Sent: Monday, July 21, 2003 7:59 PM
To: [EMAIL PROTECTED]

Errr check your admin group, who is listed there. Either everyone that is
connecting to that box is an admin on that box or someone has modified your
rdp permissions. I would most likely expect the former versus the latter. 


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Richard Sumilang
Sent: Monday, July 21, 2003 6:42 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Terminal Services Permissions


How do I block certain users from being able to connect to my terminal
server running in Remote Administration mode? I just installed it but all
users can log in to the server and manage it which isn't very good :-\

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


RE: [ActiveDir] Terminal Services Permissions

2003-07-21 Thread Sullivan, Kevin
RDP, RPC man I keep getting TLA confusion today. 

-Original Message-
From: Joe [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 21, 2003 7:59 PM
To: [EMAIL PROTECTED]

Errr check your admin group, who is listed there. Either everyone that
is connecting to that box is an admin on that box or someone has
modified your rdp permissions. I would most likely expect the former
versus the latter. 


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Richard
Sumilang
Sent: Monday, July 21, 2003 6:42 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Terminal Services Permissions


How do I block certain users from being able to connect to my terminal 
server running in Remote Administration mode? I just installed it but 
all users can log in to the server and manage it which isn't very good 
:-\

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


RE: [ActiveDir] Terminal Services Permissions

2003-07-21 Thread Joe
Errr check your admin group, who is listed there. Either everyone that
is connecting to that box is an admin on that box or someone has
modified your rdp permissions. I would most likely expect the former
versus the latter. 


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Richard
Sumilang
Sent: Monday, July 21, 2003 6:42 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Terminal Services Permissions


How do I block certain users from being able to connect to my terminal 
server running in Remote Administration mode? I just installed it but 
all users can log in to the server and manage it which isn't very good 
:-\

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


RE: [ActiveDir] Terminal Services Permissions

2003-07-21 Thread Sullivan, Kevin
It is permissions on the RPC connection itself via the TS manager. (I
think that is where it is). The default is Domain Admins it sounds like
someone changed the default and allowed other users to access the Server
in Administration Mode. You should still only be allowed 2 remote
connections though.

Kevin

-Original Message-
From: Richard Sumilang [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 21, 2003 6:42 PM
To: [EMAIL PROTECTED]

How do I block certain users from being able to connect to my terminal 
server running in Remote Administration mode? I just installed it but 
all users can log in to the server and manage it which isn't very good 
:-\

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


RE: [ActiveDir] Terminal Services Permissions

2003-07-21 Thread Rick Kingslan
Richard,

If you go to the Teminal Services Configuration applet in Administrative
Tools, then properties, then Permissions, who all is there?  If it should
only be Administrators, remove every one (singly or by group) else and grant
only that group permissions.  If not explicitly granted, then denied in this
case.

Rick Kingslan  MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
 
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Richard Sumilang
Sent: Monday, July 21, 2003 5:42 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Terminal Services Permissions

How do I block certain users from being able to connect to my terminal
server running in Remote Administration mode? I just installed it but all
users can log in to the server and manage it which isn't very good :-\

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/