Limit users who can log in using Remote Desktop

By default, all Administrators can log in to Remote Desktop. If you have multiple Administrator accounts on your computer, you should limit remote access only to those accounts that need it. If Remote Desktop is not used for system administration, remove all administrative access via RDP and only allow user accounts requiring RDP service. For Departments that manage many machines remotely, remove the local Administrator account from RDP access at and add a technical group instead.

  • Click Start–>Programs–>Administrative Tools–>Local Security Policy
  • Under Local Policies–>User Rights Assignment, go to “Allow logon through Terminal Services.” Or “Allow logon through Remote Desktop Services”

source

Leave a Reply