February 21st, 2005, 01:54 PM
ikalo: Good advice on the groups. I guess I just expected them to create groups instead of just working with users. Groups are a lot easier to manage.
Another thing you can do to explicitly deny users remote access is to add them to a deny group. Then in group policy, put just the group name in there for denied remote logon.
Then you will have two groups. One group that can use terminal services (RDP), but is denied local logon. Another group that has local logon, but is RDP.
If nothing else, deny your administrators group remote logon via group policy.
If anybody gets remote access to your machine, they will have to use privilege escalation techniques, or run as. You could also deny admin secondary logon (run as). However, I don't like to do that. It depends on the box's purpose.
I often like to use run as remotely though. I won't log into a box with admin priv, but I'll "su" or run as to do what I need.
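An added example, not part of the original post: a small audit of the [Privilege Rights] section of a `secedit /export` file, checking the deny-group layout described above. The group names `RDP-Users` and `Local-Only` and the sample export are constructed for illustration; the user-right names and the Administrators SID are the standard Windows ones.

```python
ADMINS = "*S-1-5-32-544"  # well-known SID of BUILTIN\Administrators
DENY_RDP = "SeDenyRemoteInteractiveLogonRight"  # "Deny log on through Terminal Services"
DENY_LOCAL = "SeDenyInteractiveLogonRight"      # "Deny log on locally"

# Constructed sample of a secedit export; group names are hypothetical.
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeRemoteInteractiveLogonRight = *S-1-5-32-555,RDP-Users
SeDenyInteractiveLogonRight = RDP-Users
SeDenyRemoteInteractiveLogonRight = Local-Only,*S-1-5-32-544
"""
# Same export with the Administrators deny entry missing.
WEAK_INF = SAMPLE_INF.replace(",*S-1-5-32-544", "")


def parse_privilege_rights(inf_text):
    """Return {right name: set of lower-cased principals} from the export."""
    rights, section = {}, None
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Privilege Rights" and "=" in line:
            name, _, value = line.partition("=")
            rights[name.strip()] = {
                p.strip().lower() for p in value.split(",") if p.strip()
            }
    return rights


def audit(rights, rdp_group, local_group):
    """List deviations from the two-group layout plus the admin deny."""
    findings = []
    deny_rdp = rights.get(DENY_RDP, set())
    deny_local = rights.get(DENY_LOCAL, set())
    if ADMINS.lower() not in deny_rdp:
        findings.append("Administrators not denied remote logon")
    if local_group.lower() not in deny_rdp:
        findings.append(f"{local_group} not denied remote logon")
    if rdp_group.lower() not in deny_local:
        findings.append(f"{rdp_group} not denied local logon")
    return findings


if __name__ == "__main__":
    for label, inf in (("sample", SAMPLE_INF), ("weak", WEAK_INF)):
        print(label, audit(parse_privilege_rights(inf), "RDP-Users", "Local-Only"))
```
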