Deny a user permissions to log on to terminal servers
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
To deny a user permissions to log on to terminal servers
Choose from the following:
For a domain user account, open Active Directory Users and Computers.
In the console tree, expand the domain node, and then click the folder in which the user profile is located.
Note
To perform this procedure, you must be a member of the Domain Admins group in Active Directory, or you must have been delegated the appropriate authority. As a security best practice, consider using Run as to perform this procedure. For more information, see Default local groups, Default groups, and Using Run as.
For a local user account, open Computer Management (Local).
In the console tree, click Users.
Where?
- Computer Management/System Tools/Local Users and Groups/Users
Note
- To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using Run as to perform this procedure.
Double-click the name of the user whose settings you want to change.
On the Terminal Services Profile tab, select the Deny this user permissions to log on to any terminal server check box, and then click OK.
Important
Clearing the Deny this user permissions to log on to any terminal servercheck box does not automatically allow the user permissions to log on to a terminal server. In addition to clearing this check box, you must also ensure that the user has been added to the Remote Desktop Users group on the appropriate terminal server, and that Remote Desktop has been enabled on the terminal server. For information about adding users to the Remote Desktop Users group, enabling Remote Desktop, and enabling users to connect to a terminal server, see Related Topics.
- Notes
To open Active Directory Users and Computers, click Start, click Control Panel, double-click Administrative Tools, and then double-click Active Directory Users and Computers.
To open Computer Management, click Start, click Control Panel, double-click Administrative Tools, and then double-click Computer Management.
Information about functional differences
- Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. For more information, see Viewing Help on the Web.
See Also
Concepts
Terminal Services users
Terminal Services Profile
Add users to the Remote Desktop Users group
Enable or disable Remote Desktop
Enabling users to connect remotely to the server