hi all, i'm just curious how people here handle remote desktop and remote assistance in their organisation. we have a requirement for certain non-admin users to be able to remote desktop/offer remote assistance to machines on occasion. should i manually add the user to the local remote desktop users group on the machine, or should i enforce a policy? my issue with this is that it gives the user the ability to remote desktop to all machines. how risky is this? my plan was to create a domain group called 'rdp users' and modify the 'allow logon through terminal services' policy to incorporate this group. the domain group 'remote desktop users' in my understanding, is a builtin group and only applicable to dc's? as for remote assistance, i was simply going to create a 'remote assistance users' domain group and modify the offer remote assistance setting in the admin templates\system\remote assistance template. how does all this sound? daniel. *********************** You can unsubscribe from gptalk by sending email to gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by logging into the freelists.org Web interface. Archives for the list are available at //www.freelists.org/archives/gptalk/ ************************