我们需要禁止域管理员帐户直接通过RDP访问服务器.我们的策略是以普通用户身份登录,然后使用“运行方式管理”功能.我们怎样设置它?
有问题的服务器正在运行带有远程桌面会话主机和基于会话的RD集合的Windows Server 2012 R2.允许的用户组不包含域管理员用户,但他仍能以某种方式登录.
谢谢.
这似乎是你在寻找:
http://support.microsoft.com/kb/2258492
To deny a user or a group logon via RDP,explicitly set the “Deny logon through Remote Desktop Services” privilege. To do this access a group policy editor (either local to the server or from a OU) and set this privilege:
-
Start | Run | Gpedit.msc if editing the local policy or chose the appropriate policy and edit it.
-
Computer Configuration | Windows Settings | Security Settings | Local Policies | User Rights Assignment.
-
Find and double click “Deny logon through Remote Desktop Services”
-
Add the user and / or the group that you would like to dny access.
-
Click ok.
-
Either run gpupdate /force /target:computer or wait for the next policy refresh for this setting to take effect.
(编辑:宜春站长网)
【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容!
|