Remote Desktop and Service Pack 2

J

Jim Watts

Hi, i have a problem with Remote Desktop that i hope somebody can help me
with:

Under WindowsXP Gold/SP1 we used make use of Remote Desktop functionality.
Normally, users must be a member of the local 'Remote Desktop Users' group
before they could logon via Remote Desktop. However, if they were already
logged into the target workstation (and had locked it etc) then they could
Remote Desktop to it without being in the local Remote Desktop Users group.
This was most useful, as it meant that people could use their 'own' machine,
but not connect to any others.

Under WindowsXP SP2, this no longer works and users MUST be a member of the
'Remote Desktop Users' group before connecting. (BTW I know that this is not
a firewall issue, as if i place the user account into the Remote Desktop
users group they can connect OK). A little digging with Security Analysis
shows the following:

SP1 - Allow Logon Through Terminal Services = Administrators, Users
SP2 - Allow Logon Through Terminal Services = Administrators, Remote Desktop
Users

Ok, so i found a difference. so I used GP to add the Users group into the
'Allow Logon Through Terminal Services' right. However, sadly this now means
that ANYBODY can Remote Desktop to a machine, which is not what i want.

Does anybody know if this change in SP2 was deliberate, and if a workaround
exists? We are keen to make the Remote Desktop functionaility available to
the person who is currently logged on to the workstation, without having to
put individuals into the local group, and without letting anybody else
connect

Many thanks
 
R

Rebecca Chen [MSFT]

Hi Jim,

I have noticed you submitted another thread to discuss the same issue. In
order to keep the thread clean, would you mind we discuss this issue in
another thread?

Thank you for your understanding!

Best regards,

Rebecca Chen

MCSE2000 MCDBA CCNA


Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security

=====================================================

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.

=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
 
J

Jim Watts

In order to keep the thread clean, would you mind we discuss this issue in
another thread?
Click to expand...

Sure, no problem. Does that mean i can look forward to an answer in the
windowsxp.general thread then? :)

--
Jim Watts,
Technology Consultant
Information Systems Services
University of Southampton
 
R

Rebecca Chen [MSFT]

Yes, currently, I am building up the enviornment to test it. :)

Thank you for your patience!

Best regards,

Rebecca Chen

MCSE2000 MCDBA CCNA


Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security

=====================================================

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.

=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Remote Desktop local policy error 1
Disable Remote Desktop for Administrator account.... 2
Allow Log on through Terminal Services 1
Remote Desktop 3
Domain user cannot RDP to Vista Business workstation 1
Offer Remote Assistance - "Permission denied" - Windows XP SP2 2
Remote desktop on domain: The local policy of this system does not permit you to logon interactively 1
remote desktop 1

Top