CATEGORY “Remote Desktop Configuration”
KEYNAME “SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services”
#if version >= 4
VALUENAME “fDenyTSConnections” VALUE NUMERIC 1
VALUENAME “fDenyTSConnections” VALUE NUMERIC 0
WinXP=”At least Windows XP Professional or .NET Server”
DENY_CONNECT=”Do not allow client connections”
DENY_CONNECT_EXPLAIN=”Prevents remote desktop connections to the system.”
Open Group Policy Management
Navigate to Computer Configuration -> Administrative Templates
Right Click on Administrative Templates and select “Add or Remove Templates”
Select Add and add “Remote_Desktop_Configuration.adm” and hit open
Hit close on the next screen
Expand Administrative Templates in Group Policy Management
Select “Do Not Allow Client Connections”
Now to Select your Remote Desktop Users
Still under Group Policy Management, navigate to:
Computer Configuration-> Windows Settings-> Security Settings-> Local Policies-> User Rights Assignments-> Allow Log on through Terminal Services.
Select your user groups or users which you want to have access to Remote Desktop into the workstations.
Hit OK and close out of Group Policy Object Editor
Apply this group policy to to the OU for the computers you want to apply this to.