Terminal Services Admin only for specific users

windows-server-2003 windows-terminal-services

Is there a way to allow a user access to tsadmin, but only to remote in on certain users? For example: The user is mgr of our billing department and has 3 team members in remote locations. I would like for her to be able to remote in the team member's sessions but no one else. Is this possible?


Solution 1:

There isn't granularity in the access control system to do what you're looking for in a way that would be configurable very easily.

Permission to perform "Remote Control" is granted based on permissions set on the "RDP Listener" object. You could create an RDP Listener with permissions as you describe (allowing "Remote Control" for certain groups) but, as far as I know, you would need to have one NIC per listener that you create (because multiple listeners can't be bound to the same NIC). It might be possible to have multiple listeners on the same NIC running on different TCP port numbers I'm not seeing a way in the stock user interface to do that.

Related

3 drives fell out of Raid6 mdadm - rebuilding?
GPG verifying git tags in a deployment script
Switch Netapp expansion FC port from target to initiator
Is my webserver allowing pre-fetching?
Moving pulseaudio out of home
New Domain controller is having trouble replicating from an existing DC, 13508 Event ID for FRS
Can't resize2fs - combination of flex_bg and !resize_inode
KVM Hosting: How to efficiently replicate guests
Windows 8 profile creation video
How to enable HTTP loopback connections?
Nginx as reverse proxy: how to properly configure gateway timeout?
Issue with SSH on Ubuntu - Local connection ok, remote connection - Is it me or my ISP?