RDPSoft

Remote Desktop and Terminal Server Software

We Monitor, Manage & Fix RDS, AVD, Citrix and Parallels RAS
  • Products / Services
    • Not Sure Where To Start?
    • The Complete Monitoring and Management Bundle For End User Computing
    • RDS / AVD Monitoring & Reporting
      • Remote Desktop Commander Suite
      • Sysmundo
    • RDS / AVD Management and RMM Tools
      • Remote Desktop Commander Lite (Free RDS/AVD Management Tool)
      • Remote Assistance RMM Tool + Delegation of Management for RDS/AVD Support Desk
      • Automatic Resolution of Locked Profiles and Stuck Sessions
    • RDS/AVD Synthetic Login Monitoring / Connection Time / Uptime Monitoring Tools
      • Remote Desktop Canary
    • RDS/AVD/Citrix Profile and Session Problem Remediation
      • Fix My Session
    • Digital Forensics and Incident Response Tools
      • Sysmundo
    • Consulting and Professional Services
      • RDS Performance Audits, Security Audits, and General RDS Consulting
      • Custom Report Design Services
      • Training and Other Professional Services
  • Download
    • RDC Lite: Free RDS/Citrix Session and Farm Manager
    • RDC Lite With Premium Management Features
    • RDC Suite: Installer and Release Notes
    • Remote Desktop Canary – Request a Demo/Trial
    • Sysmundo
    • Request Upgrade To New Version
  • Buy
    • The Complete RDS/AVD Monitoring and Management Bundle Purchase Options
      • Start Monthly Subscription Now
      • Start Annual Subscription Now
    • Remote Desktop Commander Suite Purchase Options
      • Start Monthly Subscription Now
      • Start Annual Subscription Now
      • Buy Perpetual License(s)
    • Premium Management Features Purchase Options
      • Start Monthly Subscription Now
      • Start Annual Subscription Now
    • Remote Desktop Canary Purchase Options
      • Start Monthly Subscription Now
      • Start Annual Subscription Now
    • Fix My Session Purchase Options
      • Start Monthly Subscription Now
      • Start Annual Subscription Now
    • Sysmundo Purchase Options
      • Start Monthly Subscription Now
      • Start Annual Subscription Now
    • Buy Incident Based Support Packages
    • Pricing
  • Blog
  • Support
    • Contact Support / Submit Ticket
    • RDPSoft Knowledge Base
  • Contact
  • Partners

Preventing Remote Desktop Logins For Privileged Users

February 2, 2016 By Andy Milford Leave a Comment

Recently, I was working with a client who had the interesting goal of preventing a specific domain administrator from logging on via Remote Desktop Services. They wanted the domain admin and other privileged accounts to only connect via the VMWare vSphere console (through the corporate firewall), and then start a console session.

Fortunately, this is easily accomplished via user rights assignments in Group Policy / Local Security Policy. To do this, open up your Group Policy editor, or, if on a non-domain system, launch secpol.msc, and adjust the “Deny logon through Remote Desktop Services” policy entry.

Deny Logon Via Remote Desktop Services

Deny Logon Via RDS

Add the users who you want to prevent from logging on via Remote Desktop Services, save, and then apply/refresh the policy and test.

Note that this works well in all scenarios, from Windows Server 2003 onward. There is an older setting for individual users in Active Directory user management called “Deny this user permission to logon to a Remote Desktop Session Host Server.” This setting worked in all scenarios back in Windows Server 2003. However, in Windows Server 2008 and Windows Server 2012, it only works when the RDSH server is configured in Application Mode, NOT Remote Administration mode. Only setting the “Deny logon through Remote Desktop Services” user right assignment in Group Policy will effectively block access across all RDSH modes.

For more, read this Microsoft support article.

Is This The Absolute Surefire Way To Prevent Those Remote Desktop Logins? Well . . .

So, the above would not prevent an Administrator from altering a Group Policy object to remove themselves from this policy restriction. Therefore, using a tool like our Remote Desktop Commander Suite to audit privileged user sessions is a smart idea.

Using Remote Desktop Commander in conjunction with Group Policy, you can turn on heightened session auditing for specific users, routinely creating session recordings and screen captures for review later.

Quite a bargain for only $9 per server per month, if we do say so ourselves.

Filed Under: Remote Desktop Services Tagged With: admin, privileged user, RDP, remote desktop logons

About Andy Milford

Andy Milford is the CEO and Founder of RDPSoft, and is a Microsoft MVP in the Enterprise Mobility / Remote Desktop Services area. Prior to starting RDPSoft, Andy was the CEO and Founder of Dorian Software, a log management company acquired by Ipswitch in late 2009. He loves creating easy-to-use yet powerful software solutions for SMBs and emerging enterprise companies.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

  • Email
  • Google+
  • LinkedIn
  • Twitter
  • YouTube

Not Sure Where To Start?

In just a few moments, you can find the right fit of solutions and even services for your needs.

> Get Going Now.

Help Documents

Remote Desktop Commander
Help and Users Guide
Release Notes (ver 6.x)

Sign Up for Remote Desktop Tips and RDPSoft Updates

Blog Topic Categories

  • Azure RemoteApp
  • Azure Virtual Desktop
  • citrix edgesight
  • Citrix Edgesight Replacement
  • Citrix Shadowing
  • Cloud RDP Monitoring
  • DEX
  • Performance
  • RDP Disconnects
  • RDP Latency
  • RDP Login Time
  • RDP Login Tracking
  • RDP Logon Failure Tracking
  • RDP Logs
  • RDP Loss Rate
  • RDP Security
  • RDP Transmission Rate
  • RDS Infrastructure
  • RDS License Metering
  • RDS Licensing
  • Remote Desktop Bandwidth
  • Remote Desktop CPU
  • Remote Desktop Management
  • Remote Desktop Memory
  • Remote Desktop Memory Usage
  • Remote Desktop Monitoring
  • Remote Desktop Performance
  • Remote Desktop Protocol
  • Remote Desktop Reporting
  • Remote Desktop Security
  • Remote Desktop Services
  • Remote Desktop Services Free Tools
  • Remote Desktop Services Hotfix
  • Sensitive Data
  • Server 2012 TSAdmin Replacement
  • Shadow User
  • Software Releases
  • SPLA Reporting
  • Synthetic RDP
  • Sysmon
  • Telecommuting/Teleworking
  • Terminal Server Logging
  • Terminal Server Monitoring
  • Uncategorized
  • User Activity Monitoring
  • User Productivity
  • User Profiles
  • Windows 2008 Terminal Server
  • Windows Virtual Desktop
  • WVD Login Time
  • XenApp Monitoring
  • XenApp Reporting

Recent Posts

  • Fix My Session v1 Now Available!
  • How To Perform User Activity Monitoring in Azure Virtual Desktop
  • Remote Desktop Commander v7 Now Available!
  • How To Deploy Sysmon The Easy Way
  • Remote Desktop Canary v4.0 Now Available!

From the RDPSoft Blog

  • Fix My Session v1 Now Available!
  • How To Perform User Activity Monitoring in Azure Virtual Desktop
  • Remote Desktop Commander v7 Now Available!
  • How To Deploy Sysmon The Easy Way
  • Remote Desktop Canary v4.0 Now Available!
  • Email
  • Google+
  • LinkedIn
  • Twitter
  • YouTube

We Do “Single Pane of Glass” Monitoring and Management for RDS

Top Level Deployment Dashboard

One of the biggest criticisms leveled against Microsoft's Remote Desktop Services as an end user computing (EUC) platform is its complete lack of integrated management and monitoring tools. … Learn more about our centralized RDS monitoring and management >

Reach Out

For fastest response, reach out via our sales and support contact forms.

Sales
US: 1-855-738-8457 x1
Outside the US: 1-702-749-4325 x1

Support
for Evaluators and Priority Support Customers
US: 1-855-738-8457 x2
Outside the US: 1-702-749-4325 x2

© Copyright 2013–2025 RDPSoft. All Rights Reserved. RDPSoft is the sole authorized publisher and distributor of the following software titles: Remote Desktop Commander, Premium Management Features, Remote Desktop Canary · Sitemap