; Typographic (curly) quotes are not valid in an .adm file; use straight quotes.
CATEGORY "Remote Desktop Configuration"
  KEYNAME "SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services"
  POLICY !!DENY_CONNECT
    #if version >= 4
      SUPPORTED !!WinXP
    #endif
    EXPLAIN !!DENY_CONNECT_EXPLAIN
    ; Enabled writes fDenyTSConnections = 1 (connections denied)
    ACTIONLISTON
      VALUENAME "fDenyTSConnections" VALUE NUMERIC 1
    END ACTIONLISTON
    ; Disabled writes fDenyTSConnections = 0 (connections allowed)
    ACTIONLISTOFF
      VALUENAME "fDenyTSConnections" VALUE NUMERIC 0
    END ACTIONLISTOFF
  END POLICY
END CATEGORY

[strings]
WinXP="At least Windows XP Professional or .NET Server"
DENY_CONNECT="Do not allow client connections"
DENY_CONNECT_EXPLAIN="Prevents remote desktop connections to the system."

Open Group Policy Management
Navigate to Computer Configuration -> Administrative Templates
Right Click on Administrative Templates and select “Add or Remove Templates”
Select Add and add “Remote_Desktop_Configuration.adm” and hit open
Hit close on the next screen
Expand Administrative Templates in Group Policy Management
Select Remote_Desktop_Configuration
Select “Do Not Allow Client Connections”
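Select Disabled. The template's Disabled state writes fDenyTSConnections = 0, which allows Remote Desktop connections.
Now select your Remote Desktop users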
Still under Group Policy Management, navigate to:
Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> User Rights Assignment -> Allow log on through Terminal Services.
Select the users or groups that should be able to Remote Desktop into the workstations.
Hit OK and close out of Group Policy Object Editor
Apply this group policy to the OU containing the computers you want it to apply to.
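
To confirm on a workstation that both halves of the GPO landed, the following added example (not part of the original post) reads the policy value written by the template and lists who holds the logon right. It assumes an elevated PowerShell 3.0+ session after `gpupdate /force`; the local `Terminal Server` key and the `SeRemoteInteractiveLogonRight` constant are standard Windows names, not taken from the page.

```powershell
# Added verification example; run elevated on a workstation in the target OU.

$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'  # KEYNAME from the template
$localKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'          # local setting, used when no policy value exists

function Get-DenyValue([string]$Path) {
    # Returns the DWORD as an int, or $null when the key or value is absent.
    $item = Get-ItemProperty -Path $Path -Name 'fDenyTSConnections' -ErrorAction SilentlyContinue
    if ($null -ne $item) { [int]$item.fDenyTSConnections } else { $null }
}

$policy    = Get-DenyValue $policyKey
$local     = Get-DenyValue $localKey
$effective = if ($null -ne $policy) { $policy } else { $local }

# "Allow log on through Terminal Services" is stored as SeRemoteInteractiveLogonRight.
# Export the effective user rights with secedit and pull out that one line.
$cfg = Join-Path $env:TEMP 'user_rights_export.inf'
secedit /export /areas USER_RIGHTS /cfg $cfg | Out-Null
$line = Get-Content -Path $cfg -Encoding Unicode |
        Where-Object { $_ -match '^SeRemoteInteractiveLogonRight\s*=' } |
        Select-Object -First 1
Remove-Item $cfg -ErrorAction SilentlyContinue

$accounts = @()
if ($line) {
    $accounts = ($line -split '=', 2)[1].Split(',') | ForEach-Object {
        $entry = $_.Trim()
        if ($entry.StartsWith('*S-')) {
            # Entries prefixed with * are SIDs; resolve to a name where possible.
            $sid = New-Object System.Security.Principal.SecurityIdentifier($entry.TrimStart('*'))
            try { $sid.Translate([System.Security.Principal.NTAccount]).Value } catch { $entry }
        } else { $entry }
    }
}

[pscustomobject]@{
    PolicyValue          = $policy                 # expected 0 once the GPO has applied
    LocalValue           = $local
    RemoteDesktopAllowed = ($effective -eq 0)
    LogonRightHolders    = $accounts -join '; '    # should list only the users or groups you selected
}
```

An empty `PolicyValue` means the GPO has not reached the machine; an unexpected name in `LogonRightHolders` means another policy or a local setting is granting the right.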