[gptalk] handling remote desktop

  • From: rpo <rpo8373@xxxxxxxxx>
  • To: gptalk@xxxxxxxxxxxxx
  • Date: Fri, 14 Nov 2008 09:32:45 +1000

hi all,

i'm just curious how people here handle remote desktop and remote
assistance in their organisation.

we have a requirement for certain non-admin users to be able to remote
desktop/offer remote assistance to machines on occasion.

should i manually add the user to the local remote desktop users group
on the machine, or should i enforce a policy? my issue with this is
that it gives the user the ability to remote desktop to all machines.
how risky is this?

my plan was to create a domain group called 'rdp users' and modify the
'allow logon through terminal services' policy to incorporate this
group. the domain group 'remote desktop users' in my understanding, is
a builtin group and only applicable to dc's?

as for remote assistance, i was simply going to create a 'remote
assistance users' domain group and modify the offer remote assistance
setting in the admin templates\system\remote assistance template.

how does all this sound?

daniel.
***********************
You can unsubscribe from gptalk by sending email to 
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by 
logging into the freelists.org Web interface. Archives for the list are 
available at http://www.freelists.org/archives/gptalk/
************************

Other related posts: