Limit the user possibility of remote access to a group of servers The 2019 Stack Overflow...

One word riddle: Vowel in the middle

When should I buy a clipper card after flying to OAK?

Why do we hear so much about the Trump administration deciding to impose and then remove tariffs?

What do hard-Brexiteers want with respect to the Irish border?

What to do when moving next to a bird sanctuary with a loosely-domesticated cat?

slides for 30min~1hr skype tenure track application interview

Have you ever entered Singapore using a different passport or name?

Are there any other methods to apply to solving simultaneous equations?

Am I thawing this London Broil safely?

Why didn't the Event Horizon Telescope team mention Sagittarius A*?

Should I use my personal e-mail address, or my workplace one, when registering to external websites for work purposes?

What is the closest word meaning "respect for time / mindful"

Delete all lines which don't have n characters before delimiter

Pokemon Turn Based battle (Python)

Did Scotland spend $250,000 for the slogan "Welcome to Scotland"?

Is "plugging out" electronic devices an American expression?

Is there a symbol for a right arrow with a square in the middle?

Can one be advised by a professor who is very far away?

What tool would a Roman-age civilization have for the breaking of silver and other metals into dust?

Why isn't the circumferential light around the M87 black hole's event horizon symmetric?

Did 3000BC Egyptians use meteoric iron weapons?

How to notate time signature switching consistently every measure

Why was M87 targetted for the Event Horizon Telescope instead of Sagittarius A*?

Do these rules for Critical Successes and Critical Failures seem fair?



Limit the user possibility of remote access to a group of servers



The 2019 Stack Overflow Developer Survey Results Are InNETWORK_SERVICE keeps returning to Windows 7 Local Group PoliciesActive Directory - GPO Will Not Apply to Group of MachinesDeny acess to file-shares (SMB)?Is there any method in domain network that only prevent “ local users account(clients local user) ” log on?Enable RDP on Windows 10 for non-admin usersGPO only works on authenticated usersUser Specific Remote Desktop Connection SettingsGroup Policy 'All Removable Storage classes: Deny all access' not applying to remote desktop usersGPO Policies are not being appliedDeny RDP access to particular server from a particular user via GPO





.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box;
}







0















I'm trying to configure the Windows Active Directory (AD) to limit the Remote Desktop Access of a group of users to a group of server inside my network.



To achieve this I've created a security policy using the Windows Group Policy Management tool (GPM now on) as suggested here and I applied the policy to a group of servers as explained here.



The steps I followed were these:




  • From AD Users and Computer I created the security group RESTRICT_REMOTE_ACCESS (scope: Global, type: Security) inserting the servers.

  • From GPM I created the GPO NoRemoteDesktop, in the scope under Security Filtering I inserted only the previously created group.

  • I edited the NoRemoteDesktop policy in Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > User Rights Assignment setting:



    • Deny log on locally selecting MyNetworkTest.User


    • Deny log through Remote Desktop Services selecting MyNetworkTest.User



  • Updated the server group policy

  • Running the following command on the server: gpresult /r /SCOPE COMPUTER I see that the PC is inside the group policy


I think that there is something wrong because the test user can still access both locally and remotely.










share|improve this question































    0















    I'm trying to configure the Windows Active Directory (AD) to limit the Remote Desktop Access of a group of users to a group of server inside my network.



    To achieve this I've created a security policy using the Windows Group Policy Management tool (GPM now on) as suggested here and I applied the policy to a group of servers as explained here.



    The steps I followed were these:




    • From AD Users and Computer I created the security group RESTRICT_REMOTE_ACCESS (scope: Global, type: Security) inserting the servers.

    • From GPM I created the GPO NoRemoteDesktop, in the scope under Security Filtering I inserted only the previously created group.

    • I edited the NoRemoteDesktop policy in Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > User Rights Assignment setting:



      • Deny log on locally selecting MyNetworkTest.User


      • Deny log through Remote Desktop Services selecting MyNetworkTest.User



    • Updated the server group policy

    • Running the following command on the server: gpresult /r /SCOPE COMPUTER I see that the PC is inside the group policy


    I think that there is something wrong because the test user can still access both locally and remotely.










    share|improve this question



























      0












      0








      0








      I'm trying to configure the Windows Active Directory (AD) to limit the Remote Desktop Access of a group of users to a group of server inside my network.



      To achieve this I've created a security policy using the Windows Group Policy Management tool (GPM now on) as suggested here and I applied the policy to a group of servers as explained here.



      The steps I followed were these:




      • From AD Users and Computer I created the security group RESTRICT_REMOTE_ACCESS (scope: Global, type: Security) inserting the servers.

      • From GPM I created the GPO NoRemoteDesktop, in the scope under Security Filtering I inserted only the previously created group.

      • I edited the NoRemoteDesktop policy in Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > User Rights Assignment setting:



        • Deny log on locally selecting MyNetworkTest.User


        • Deny log through Remote Desktop Services selecting MyNetworkTest.User



      • Updated the server group policy

      • Running the following command on the server: gpresult /r /SCOPE COMPUTER I see that the PC is inside the group policy


      I think that there is something wrong because the test user can still access both locally and remotely.










      share|improve this question
















      I'm trying to configure the Windows Active Directory (AD) to limit the Remote Desktop Access of a group of users to a group of server inside my network.



      To achieve this I've created a security policy using the Windows Group Policy Management tool (GPM now on) as suggested here and I applied the policy to a group of servers as explained here.



      The steps I followed were these:




      • From AD Users and Computer I created the security group RESTRICT_REMOTE_ACCESS (scope: Global, type: Security) inserting the servers.

      • From GPM I created the GPO NoRemoteDesktop, in the scope under Security Filtering I inserted only the previously created group.

      • I edited the NoRemoteDesktop policy in Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > User Rights Assignment setting:



        • Deny log on locally selecting MyNetworkTest.User


        • Deny log through Remote Desktop Services selecting MyNetworkTest.User



      • Updated the server group policy

      • Running the following command on the server: gpresult /r /SCOPE COMPUTER I see that the PC is inside the group policy


      I think that there is something wrong because the test user can still access both locally and remotely.







      windows remote-desktop active-directory group-policy security-policy






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited yesterday







      Timmy

















      asked yesterday









      TimmyTimmy

      63212




      63212






















          0






          active

          oldest

          votes












          Your Answer








          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "3"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1423207%2flimit-the-user-possibility-of-remote-access-to-a-group-of-servers%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          0






          active

          oldest

          votes








          0






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes
















          draft saved

          draft discarded




















































          Thanks for contributing an answer to Super User!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1423207%2flimit-the-user-possibility-of-remote-access-to-a-group-of-servers%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          Popular posts from this blog

          Why not use the yoke to control yaw, as well as pitch and roll? Announcing the arrival of...

          Couldn't open a raw socket. Error: Permission denied (13) (nmap)Is it possible to run networking commands...

          VNC viewer RFB protocol error: bad desktop size 0x0I Cannot Type the Key 'd' (lowercase) in VNC Viewer...