[gptalk] handling remote desktop

  • From: rpo <rpo8373@xxxxxxxxx>
  • To: gptalk@xxxxxxxxxxxxx
  • Date: Fri, 14 Nov 2008 09:32:45 +1000

hi all,

i'm just curious how people here handle remote desktop and remote
assistance in their organisation.

we have a requirement for certain non-admin users to be able to remote
desktop/offer remote assistance to machines on occasion.

should i manually add the user to the local remote desktop users group
on the machine, or should i enforce a policy? my issue with this is
that it gives the user the ability to remote desktop to all machines.
how risky is this?

my plan was to create a domain group called 'rdp users' and modify the
'allow logon through terminal services' policy to incorporate this
group. the domain group 'remote desktop users' in my understanding, is
a builtin group and only applicable to dc's?

as for remote assistance, i was simply going to create a 'remote
assistance users' domain group and modify the offer remote assistance
setting in the admin templates\system\remote assistance template.

how does all this sound?

You can unsubscribe from gptalk by sending email to 
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by 
logging into the freelists.org Web interface. Archives for the list are 
available at http://www.freelists.org/archives/gptalk/

Other related posts: