Windows – Allow non-admin users RDP session “Sign off” rights on Windows Server 2016 using Group Policy

Tags: group-policy, rdp, windows, windows-server-2016

Is there a way to allow a non-admin user access to kill rogue RDP sessions on Windows Server 2016 using Group Policy? Our network consists of hundreds of 2016 and 2012r2 servers so we're trying to do this with GP instead of individually on each server.

This post is related, only our servers do not have the RDSH role applied, and it seems this would need to be configured on each server individually.


Best Answer

Not granularly, but you can update the Security registry value for specified servers/groups of servers to replace the entire security descriptor with your custom value:

Key: HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
Value: Security
Value Type: REG_BINARY

Set the permissions on a server, then use Group Policy Preferences to import the registry value:

RDP Security Descriptor

If you need a method to change the Security registry value to add/modify permissions, you can use this tool:

https://www.rdpsoft.com/products/remote-desktop-commander/lite/
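
Because the imported value replaces the whole security descriptor, it helps to decode the REG_BINARY and compare it with what a server currently holds before the preference item goes out to every server. The following is an added example, not part of the original answer: the function names are hypothetical, and the SDDL strings, access masks and the domain SID are constructed sample values.

```powershell
# Added example. Function names are hypothetical; SDDL strings, masks and the SID are constructed.
function ConvertTo-SdBytes([string]$Sddl) {
    # Build a self-relative binary descriptor (the REG_BINARY layout) from SDDL.
    $sd = [System.Security.AccessControl.RawSecurityDescriptor]::new($Sddl)
    $bytes = [byte[]]::new($sd.BinaryLength)
    $sd.GetBinaryForm($bytes, 0)
    , $bytes
}

function ConvertFrom-WinStationSecurity([byte[]]$Bytes) {
    # Decode the binary value into one object per DACL entry.
    $sd = [System.Security.AccessControl.RawSecurityDescriptor]::new($Bytes, 0)
    foreach ($ace in $sd.DiscretionaryAcl) {
        $sid = $ace.SecurityIdentifier
        try { $name = $sid.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $name = $sid.Value }   # SID does not resolve on this machine
        [pscustomobject]@{
            Trustee    = $name
            Sid        = $sid.Value
            AceType    = $ace.AceType
            AccessMask = '0x{0:X8}' -f $ace.AccessMask
        }
    }
}

function Compare-WinStationSecurity([byte[]]$Current, [byte[]]$Candidate) {
    # '=>' rows exist only in the candidate, '<=' rows only in the current value.
    Compare-Object (ConvertFrom-WinStationSecurity $Current) `
                   (ConvertFrom-WinStationSecurity $Candidate) `
                   -Property Sid, AceType, AccessMask
}

# On a real server, read the live value instead of the constructed one:
# $current = (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -Name Security).Security
$current   = ConvertTo-SdBytes 'O:SYG:SYD:(A;;0xf03bf;;;SY)(A;;0xf03bf;;;BA)(A;;0x121;;;RD)'
$candidate = ConvertTo-SdBytes 'O:SYG:SYD:(A;;0xf03bf;;;SY)(A;;0xf03bf;;;BA)(A;;0x121;;;RD)(A;;0x3bf;;;S-1-5-21-1111111111-2222222222-3333333333-1105)'

ConvertFrom-WinStationSecurity $candidate | Format-Table -AutoSize
Compare-WinStationSecurity $current $candidate | Format-Table -AutoSize
```

Any row the comparison marks `<=` is an entry the import would remove from that server, which is the case to check for when the descriptor was built on a different machine.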