RDP Protocol question

Discussion in 'MCSE' started by none@set.yet, May 30, 2006.

  1. Guest

    2 part question.

    RDP Protocol traffic only allowed to Domain Admins.


    Also,

    To only allow domain admins to RDP into a set list of servers on 192.168.x.x, disabling the ability
    to RDP/MSTSC into servers outside of the domain on the general internet.




    , May 30, 2006
    #1

  2. Kurt Guest

    First of all these are not questions.

    > RDP Protocol traffic only allowed to Domain Admins.


    What's your question? Let's take a stab. Maybe you meant:

    Are RDP sessions only allowed to domain admins?

    or maybe

    Is there a way to limit RDP sessions to domain admins?

    By default, only an administrator is allowed interactive logons to a domain
    controller, which includes RDP sessions. If you want others to have that
    ability, you'll need to delegate them the appropriate rights.

    On a non-DC, in remote admin mode only admins are allowed by default. In app
    server mode, users are allowed.

    Second "question"

    The only way I would know to do this is to explicitly deny the right to
    logon locally to the Internet-connected servers. If they're not your
    servers, you could block port 3389 outbound (of course the server admin
    could always change the port).

    ....kurt
    Kurt, May 30, 2006
    #2
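
Added example, not part of Kurt's post or the thread: a Python sketch of an egress check that still catches the case he notes, where the remote admin moves RDP off port 3389, by recognizing the RDP connection request (TPKT header plus X.224 Connection Request) in the first client payload. The allowlist address, function names and sample payloads are constructed assumptions.

```python
import ipaddress
import struct

# Assumption: the thread's "set list of servers", as a constructed placeholder.
ALLOWED_RDP_SERVERS = {ipaddress.ip_address("192.168.1.10")}

def looks_like_rdp(first_bytes: bytes) -> bool:
    """True if a client's first TCP payload is an RDP connection request.

    RDP opens with a TPKT header (version 3, reserved 0, 16-bit length)
    followed by an X.224 Connection Request (code 0xE0, DST-REF 0).
    """
    if len(first_bytes) < 11:          # 4 (TPKT) + 7 (minimal X.224 CR)
        return False
    version, reserved, tpkt_len = struct.unpack(">BBH", first_bytes[:4])
    if version != 3 or reserved != 0:
        return False
    if tpkt_len < 11 or tpkt_len > len(first_bytes):
        return False
    length_indicator, code = first_bytes[4], first_bytes[5]
    return (length_indicator == tpkt_len - 5
            and code & 0xF0 == 0xE0
            and first_bytes[6:8] == b"\x00\x00")

def egress_verdict(dst_ip: str, dst_port: int, first_bytes: bytes) -> str:
    """Classify one outbound connection against the RDP destination allowlist."""
    is_rdp = looks_like_rdp(first_bytes)
    if not is_rdp and dst_port != 3389:
        return "ignore"                # neither the RDP port nor RDP bytes
    if ipaddress.ip_address(dst_ip) in ALLOWED_RDP_SERVERS:
        return "allow"
    if is_rdp and dst_port != 3389:
        return "block: RDP on non-standard port"
    return "block: RDP to unlisted host"

# Constructed samples: a minimal RDP connection request and an HTTP request.
RDP_CR = bytes.fromhex(
    "03 00 00 13 0e e0 00 00 00 00 00 01 00 08 00 03 00 00 00")
HTTP_REQ = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"

if __name__ == "__main__":
    for ip, port, data in [("192.168.1.10", 3389, RDP_CR),
                           ("203.0.113.7", 3389, RDP_CR),
                           ("203.0.113.7", 443, RDP_CR),
                           ("203.0.113.7", 443, HTTP_REQ)]:
        print(ip, port, egress_verdict(ip, port, data))
```
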

  3. Guest

    We're not worried about normal users rdp'ing into servers, that is already taken care of.


    I'm just trying to figure out a way using GP to globally remove mstsc privileges from users who
    authenticate in AD, that aren't in a specified group. If they are in that group, they would be
    allowed to RDP into the non-mentioned box in this post (boxfoo1, etc).

    However, all other users on the domain if they try to initiate mstsc traffic, because the
    application is installed on XP SP2 box, nothing will happen due to a configuration I desire to give
    that result.

    For the users that do have membership to the AD group that allows them RDP access to the boxfoo1,
    they would be denied using mstsc to initiate traffic to any other box internally or outside on the
    global Internet. An in your face policy denial that says: sorry, mstsc is broke, you can only
    connect to 192.168.1.boxfoo1(IP).





    You mentioned if we're worried about users mstsc'ing into server(s), but that isn't an issue, those
    policies are already taken care of :)





    Ryan.

    , May 30, 2006
    #3
  4. Software restriction group policy?

    --
    ..rev - mct.mcngp.44
    ..
    "It is the mark of an educated man to be able to entertain a thought without
    accepting it"
    ~Aristotle.
    The Rev [MCT], May 30, 2006
    #4