Disabling Remote Desktop

by Mitch Tulloch [Published on 16 May 2006 / Last Updated on 16 May 2006]

How to prevent users from enabling Remote Desktop on their machines.

While Remote Desktop can be a useful feature for remotely managing servers, you may or may not want to allow this capability on Windows XP desktop computers on your network. Furthermore, if you allow some users to run as local admins on their workstations (either because of application compatibility issues or because they need more control over thier machines) then having such privileges allows them to enable Remote Desktop on their machines if they so desire.

Using Group Policy however, you can lock down Remote Desktop functionality on all computer accounts in a domain or OU by disabling the following policy setting:

Computer Configuration \ Administrative Templates \ Windows Components \ Terminal Services \ Do not allow new client connections 

Disabling this policy will enforce this setting on the target machines.

Mitch Tulloch
MVP Windows Server

The Author — Mitch Tulloch

Mitch Tulloch is a widely recognized expert on Windows administration, networking, and security. He has been repeatedly awarded Most Valuable Professional (MVP) status by Microsoft for his outstanding contributions in supporting users who deploy and use Microsoft platforms, products and solutions. Mitch has published over two hundred articles on different IT websites and magazines, and he has written or contributed to almost two dozen books and is lead author for the Windows 7 Resource Kit from Microsoft Press. For more information, see www.mtit.com .

Latest Contributions

Featured Links