How to restrict RDP functionality without affecting the regular profile?

K

Konstantin2014-10-23 18:45:19

RDP

Konstantin, 2014-10-23 18:45:19

Is available 2008R2 (AD) with working RDP. Everything worked as it worked, but we decided to dig a little deeper and make at least some protection from a fool and decided to limit RDP as much as possible (working only with 1C and printers)
How to make the maximum restriction of the rights of the connected user (AD profile) to RDP without affecting it local profile (in which it works from the local machine)? when a person turns on his car, everything is ok, when he connects to RDP - only 1C and the session ends.
It would seem that the question is elementary (everything is ok with setting the rights themselves), but I don’t know how to handle this nuance and ask for help)
Is it possible to do this without planting new users like
it was just pupkin, it became pupkin and pupkin_rdp

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

O

oia, 2014-10-23
@oia

so create a new policy in the GPO for this server with a restriction in the new OU, and there your restrictions as you wish

K

Konstantin, 2014-10-23
@fallen8rwtf

an evening without beer affects work / on the brain,
I thought "from the simple". By default, any user (in the Domain Users group) can turn off their PC, but cannot turn off the RDP server. It turned out that policies need to be changed for the "Remote Desktop Users" group, which by default includes all users of the "Domain Users" group