[gptalk] handling remote desktop
- From: rpo <rpo8373@xxxxxxxxx>
- To: gptalk@xxxxxxxxxxxxx
- Date: Fri, 14 Nov 2008 09:32:45 +1000
hi all,
i'm just curious how people here handle remote desktop and remote
assistance in their organisation.
we have a requirement for certain non-admin users to be able to remote
desktop/offer remote assistance to machines on occasion.
should i manually add the user to the local remote desktop users group
on the machine, or should i enforce a policy? my issue with this is
that it gives the user the ability to remote desktop to all machines.
how risky is this?
my plan was to create a domain group called 'rdp users' and modify the
'allow logon through terminal services' policy to incorporate this
group. the domain group 'remote desktop users' in my understanding, is
a builtin group and only applicable to dc's?
as for remote assistance, i was simply going to create a 'remote
assistance users' domain group and modify the offer remote assistance
setting in the admin templates\system\remote assistance template.
how does all this sound?
daniel.
***********************
You can unsubscribe from gptalk by sending email to
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by
logging into the freelists.org Web interface. Archives for the list are
available at //www.freelists.org/archives/gptalk/
************************
Other related posts:
