Deny log on through Remote Desktop Services
|ID: oval:org.secpod.oval:def:18942||Date: (C)2014-05-29 (M)2017-11-21|
|Class: COMPLIANCE||Family: windows|
The Deny log on through Remote Desktop Services user right should be assigned to the appropriate accounts.
This policy setting determines whether users can log on as Terminal Services clients. After the baseline member server is joined to a domain environment, there is no need to use local accounts to access the server from the network. Domain accounts can access the server for administration and end-user processing. When configuring a user right in the SCM enter a comma delimited list of accounts. Accounts can be either local or located in Active Directory, they can be groups, users, or computers.
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Deny log on through Remote Desktop Services
(2) REG: NO INFO
|Microsoft Windows Server 2008 R2|