Limiting users who can login via RDP
By default, all users in the Administrators group
and Remote Desktop Users Group
have RDP access rights. If you only want certain members of the Administrators group to have RDP access, you can adjust this in Local Security Settings by removing the "administrators group
" and then making sure all required remote users are part of the "Remote Desktop Users group".
- Click Start then click Run. Enter secpol.msc and click OK.
- The Local Security Policy window should open up.
- Expand the Local Policies node and click User Rights Assignment.
- On the right hand side, double click Allow log on through Terminal Services or Allow log on through Remote Desktop Services.
- Click Add User or Group and enter Remote Desktop Users.
- Remove the Administrators Group once you have made sure that any users you want to have RDP access are already part of the Remote Desktop Users Group.
- Click OK and OK again to dismiss both dialog boxes.