In our Active Directory infrastructure sometimes we may need to Disable Remote Desktop (RDP) Access for Domain Administrator account which we would have used in some Applications or may be during Deployment.
So that kind of Accounts will not be used anywhere apart from the above mentioned, considering the security we can disable RDP access for those accounts and that cannot be misused.
This is the common question among Administrators and I have seen the same questions in many of the forums.
So in this topic will see about the Step-By-Step Guide on How To Disable RDP Access for Domain Administrator & Domain User
- Active Directory Guide: Installation of Active Directory Domain Controller, Additional Domain Controller(ADC), New Child Domain Controller, Read-Only Domain Controller (RODC)
Lets See the Step For Disabling RDP access.
1. Log in to a server with Administrator privileges.
2. Open the Group policy mmc with Server Manager > Tools > Group Policy Management
3. Create the group policy for Disabling RDP access
In this case I have created GP Name as Deny RDP Access
4. Right click on the created Group Policy, Click on Edit and Browse to Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment.
5. Find the “Deny logon through Remote Desktop Services” and “Deny Log on Locally” > Double click on it and Enable (Tick) Define this Policy Settings
6. Add the User and / or the Group that you would like to deny access & Click OK.
7. Link this GPO to any of the desired OU(Best Case: Apply this GPO to the Domain Level). Later run gpupdate /force /target:computer or wait for the next policy refresh for this setting to take effect.
Hope this Tutorials helps you guys.. Don’t Forget to Like..!! Share..!! & Comment..!!