i'm managing a W2008 Server box. As for maintenance i need for some hours to deny access to all users in the Remote Desktop Users and Allow Administrators only. I've tried in gpedit.msc under user rights to deny Users group but still Administrators can't log in because it returns rights error. Please i'm so desperated any help? Why if i deny Users group to remote desktop connection Administrators can't log in also? Thank you!
Denying\Allowing Remote Desktop Users in Windows 2008 Server r2
remote desktopremote-desktop-servicesusers
Related Topic
- Edit “Remote Desktop Users” through group policy
- Security – Remote Desktop Connection Denied because the user account is not authorized for remote login
- Denying/Allowing Remote Desktop Users in Windows 2008 Server R2
- How to allow active directory users to remote desktop in
- Azure AD Users logging into Remote Desktop Server
Best Answer
This is the normal ACL behavior on Windows. DENY takes precedence over allows. If you deny all users, then all users will be denied. If you don't want some users to have access to something you need to remove the ACE that permits that group of users access.
Instead of messing around with permissions, why not disable new connections by putting the terminal server into drain mode?
Adjust the drain-mode registry value with one of these options. Administrators will still be able to connect when using the
/admin
switch.You can also enable drain-mode through the GUI.