Restricting remote desktop connection

[Guest]

Im running an AD domain. Ive made my domain users part of the local
admistrators group on the workstations so they can install software they
need. Lately they've started using Remote Desktop (internally, not outside
the firewall) to connect back to thier desktops from other workstations on
the LAN.

I want to disable or prohibit the use of REmote Desktop connection to
anyone, including the local administrators group. BUT, I still need it
available to the DOMAIN admin group.

Can this be done through GP?

Thank you for your help and time!
jnichols

 

[Sooner Al [MVP]]

I don't have an answer other than to point you to the
microsoft.public.windows.server.active_directory news group...

--
Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the
mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...

 

[David]

granted this is just my opinion, but it's always a bad idea to make users
part of the administrators group. yeah, it's great they can install
software they need and it's less of a headache for you... but not only do
you run into problems like this... but they can also easily install games
(productivity loss) and file sharing programs on their pcs (hog bandwidth,
liability of swapping copyright music on company network), they can easily
install hacking tools to attack your servers, and they can easily install
rogue hardware such as wireless cards and configure it so they sit in the
company parking lot and steal sensative company data. also, microsoft even
advises against real administrators from using their administrative
credentials for regular use as it makes it that much easier for viruses to
install themselves. If I was the owner of your company I would have you
fired.

 

[Guest]

Hello David!

I happened to read your response to the company manager referencing allowing
the employees access to everyone's computer, and I felt your answer was right
on! Because you sound as though you have a depth of knowledge I am void of,
I'm wondering if you could assist me with a hacking problem on my computer?

Two weeks ago I tried to boot up my Acer Ferrari laptop, and I could not get
past the Windows XP page. I found a computer man who was able to open my
browser, and he spent the day running anti-viruses on my machine. When I
picked it up, he stated that there were no viruses evident, and that it must
have been hacked by remote. He changed my name as Administrator, and I have
been able to use it with limitations. I am saddened by the fact that I have
lost all My Documents, My Favorites, all my research, and copies of papers
written, etc. It has been impossible for me to retrieve them.

My only clue to this bizarre event was the Brother Control Center would
appear briefly as I booted up, and one time I caught a flash in the lower
right corner displaying my name and a message about "downloading documents".
It was so quick, I'm really not sure that it said exactly that verbiage, but
I'm close.

Do you have any idea what is happening, and how I might retrieve my valuable
information?

Thank you for any thoughts you might have about remote hacking, and I look
forward to your reply, if you have time.

Best wishes,
Sydny Greene
sydny@nospam_gmail.com