These permissions can be verified from RDP-TCP Listener properties.
If the user has permissions on the listener then the connection is successful. Once the user is authorized for remote logon his privileges to connect to the RDP-Listener is verified. Now comes into play the Logon privileges for the RDP-Listener. The reason being that adding a user to this GPO only authorizes him for a Remote Logon to the server but does not give him the permissions to connect to the RDP-Listener. If you have a user account which is not a part of the Administrators or the Remote Desktop Users groups and you go ahead and add him to the GPO for “Allow Logon through Terminal Services”, they will still not be able to create a successful RDP connection to the server. So, users who are a part of these groups will be authorized to logon remotely to the server. This is under Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment.īy default, the Administrators and Remote Desktop Users groups are given remote logon rights. The Remote Logon is governed by the “Allow Logon through Terminal Services” group policy. When a user is able to validate the above two conditions successfully, only then is the user provided with a successful RDP connection to the server. In simpler terms these are:Ģ) Logon: privileges for access to the RDP-TCP Listener There are two types of user rights Logon rights & Privileges.
0 kommentar(er)
