One of the clients I manage runs an RDS environment on Windows Server 2008 R2 servers which users log onto to work. I need to prevent users allowing applications to restart these servers, the kicker is that they are all Local Admins (due to the requirements of the application that they run). What GP(s) would you recommend be applied to solve this? I currently have the following set:
Computer Config > Policy > Windows Settings > Security Settings > Local Policies > User Rights Assignment > Shut down the system.
Only allowing Domain Admins to shut down the system, I believe this is only applying to local shutdowns, not remote.
Best Answer
Yes, this policy determines which users who are logged on locally to the computer can shut it down.
See description on the
Explaintab:You may also look at another policy in this location (i.e. under User Rights Assignment:) - Force shutdown from a remote system.
Administrators are members by default.
Removing Administrators from both policies - would disallow them to shutdown the RDS host, either locally or remotely.