Disabling Remote Desktop

by Mitch Tulloch [Published on 16 May 2006 / Last Updated on 16 May 2006]

How to prevent users from enabling Remote Desktop on their machines.

While Remote Desktop can be a useful feature for remotely managing servers, you may or may not want to allow this capability on Windows XP desktop computers on your network. Furthermore, if you allow some users to run as local admins on their workstations (either because of application compatibility issues or because they need more control over thier machines) then having such privileges allows them to enable Remote Desktop on their machines if they so desire.

Using Group Policy however, you can lock down Remote Desktop functionality on all computer accounts in a domain or OU by disabling the following policy setting:

Computer Configuration \ Administrative Templates \ Windows Components \ Terminal Services \ Do not allow new client connections 

Disabling this policy will enforce this setting on the target machines.

Mitch Tulloch
MVP Windows Server

See Also

The Author — Mitch Tulloch

Mitch Tulloch is a well-known expert on Windows Server administration and cloud computing technologies. He has published over a thousand articles on information technology topics and has written, contributed to or been series editor for over 50 books.

Featured Links