securing remote desktop for win2003

[zimu]

hey guys,

have a win2003 machine set up and have added a user to remote desktop users group. i can log in as that user remotely, but notice that i can still go to administrative tools and at least view all the users etc...

how can i restrict this user so he doesn't have this access? he's not currently part of the administrative group, he's literally just in remote desktop users!

thanks,

 

[yinan]

Use NTFS permissions to deny him access to mmc.exe.

But there really isnt a problem because even though he can view all users he cant make any changes.

 

[zimu]

nice thinking, thanks

Any chance you'd know if there's some override in win2003 to allow more than 2 terminal services concurrent sessions? i know there's one for XP...

 

[stash]

Originally posted by: zimu
nice thinking, thanks

Any chance you'd know if there's some override in win2003 to allow more than 2 terminal services concurrent sessions? i know there's one for XP...

Yes, it's called terminal services, and it requires TS licenses and a license server.

In 2003 remote administration (formally called TS in admin mode), you can actually have three concurrent connections, since you can connect to the console session (session 0) with /console.

Note that this goes away in Server 2008, since session 0 is strictly for services. The latest RDP client included in Vista SP1 and Server 2008 has also changed the /console switch to /admin