RE: [ActiveDir] Terminal Services Permissions
Hi, Yes it's indeed the permission on the RPC Connection. You should use "terminal services configurations" MMC to see rdp permissions. You can allow the RDP only for those you want. The other option you can set, is the "log on locally" in group policy. Regards Volker -Original Message- From: Sullivan, Kevin [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 22, 2003 1:53 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Terminal Services Permissions It is permissions on the RPC connection itself via the TS manager. (I think that is where it is). The default is Domain Admins it sounds like someone changed the default and allowed other users to access the Server in Administration Mode. You should still only be allowed 2 remote connections though. Kevin -Original Message- From: Richard Sumilang [mailto:[EMAIL PROTECTED] Sent: Monday, July 21, 2003 6:42 PM To: [EMAIL PROTECTED] How do I block certain users from being able to connect to my terminal server running in Remote Administration mode? I just installed it but all users can log in to the server and manage it which isn't very good :-\ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Terminal Services Permissions
We knew what you meant, Kevin ;-) Rick Kingslan MCSE, MCSA, MCT Microsoft MVP - Active Directory Associate Expert Expert Zone - www.microsoft.com/windowsxp/expertzone -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sullivan, Kevin Sent: Monday, July 21, 2003 8:03 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Terminal Services Permissions RDP, RPC man I keep getting TLA confusion today. -Original Message- From: Joe [mailto:[EMAIL PROTECTED] Sent: Monday, July 21, 2003 7:59 PM To: [EMAIL PROTECTED] Errr check your admin group, who is listed there. Either everyone that is connecting to that box is an admin on that box or someone has modified your rdp permissions. I would most likely expect the former versus the latter. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Richard Sumilang Sent: Monday, July 21, 2003 6:42 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] Terminal Services Permissions How do I block certain users from being able to connect to my terminal server running in Remote Administration mode? I just installed it but all users can log in to the server and manage it which isn't very good :-\ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Terminal Services Permissions
RDP, RPC man I keep getting TLA confusion today. -Original Message- From: Joe [mailto:[EMAIL PROTECTED] Sent: Monday, July 21, 2003 7:59 PM To: [EMAIL PROTECTED] Errr check your admin group, who is listed there. Either everyone that is connecting to that box is an admin on that box or someone has modified your rdp permissions. I would most likely expect the former versus the latter. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Richard Sumilang Sent: Monday, July 21, 2003 6:42 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] Terminal Services Permissions How do I block certain users from being able to connect to my terminal server running in Remote Administration mode? I just installed it but all users can log in to the server and manage it which isn't very good :-\ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Terminal Services Permissions
Errr check your admin group, who is listed there. Either everyone that is connecting to that box is an admin on that box or someone has modified your rdp permissions. I would most likely expect the former versus the latter. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Richard Sumilang Sent: Monday, July 21, 2003 6:42 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] Terminal Services Permissions How do I block certain users from being able to connect to my terminal server running in Remote Administration mode? I just installed it but all users can log in to the server and manage it which isn't very good :-\ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Terminal Services Permissions
It is permissions on the RPC connection itself via the TS manager. (I think that is where it is). The default is Domain Admins it sounds like someone changed the default and allowed other users to access the Server in Administration Mode. You should still only be allowed 2 remote connections though. Kevin -Original Message- From: Richard Sumilang [mailto:[EMAIL PROTECTED] Sent: Monday, July 21, 2003 6:42 PM To: [EMAIL PROTECTED] How do I block certain users from being able to connect to my terminal server running in Remote Administration mode? I just installed it but all users can log in to the server and manage it which isn't very good :-\ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Terminal Services Permissions
Richard, If you go to the Teminal Services Configuration applet in Administrative Tools, then properties, then Permissions, who all is there? If it should only be Administrators, remove every one (singly or by group) else and grant only that group permissions. If not explicitly granted, then denied in this case. Rick Kingslan MCSE, MCSA, MCT Microsoft MVP - Active Directory Associate Expert Expert Zone - www.microsoft.com/windowsxp/expertzone -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Richard Sumilang Sent: Monday, July 21, 2003 5:42 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] Terminal Services Permissions How do I block certain users from being able to connect to my terminal server running in Remote Administration mode? I just installed it but all users can log in to the server and manage it which isn't very good :-\ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
