Allow non-admin users rdp session kill rights on Win 2K8 R2 Terminal Server

remote-desktop-services windows-server-2008-r2

According this technet post you can set "Logoff" or/and "Disconnect" permission in Remote Desktop Session Host Configuration.

To configure permissions for a connection:

  1. On the RD Session Host server, open Remote Desktop Session Host Configuration. To open Remote Desktop Session Host Configuration, click Start, point to Administrative Tools, point to Remote Desktop Services, and then click Remote Desktop Session Host Configuration.
  2. Under Connections, right-click the name of the connection, and then сlick Properties.
  3. In the Properties dialog box for the connection, on the Security tab, configure the permissions as appropriate for your environment, and then click OK.

It's not possible as far as I can tell. While you can likely assign rights to kill a process (it would be complicated but possible I think), listing the processes would require admin rights. However, if you are giving another user the ability to control processes, and reboot, you are effectively giving admin rights to that user anyway.

A better question might be how to prevent "rogue" rdp sessions in the first place.

Related

Apache & SVN on Ubuntu - Post-commit hook fails silently, pre-commit hook “Permission Denied”
MySQL replication of only one database
How do I view extensionattribute in AD?
Apache dispatch.fcgi doesn't get interpreted with Passenger
Got postfix and mail working, but the emails are considered "spam", why?
nginx & file permissions
Can a Windows machine authenticate against Samba with Kerberos when users are stored in AD?
cron job that fired 8 times rather than once. Daylight saving issue?
Cannot create Hyper-V Virtual Machine - General Access Denied 0x80070005
Server becomes unreachable and comes back up on its own (most likely a network issue)
Allow a range of IP's with IPTABLES from a file
Setting the timezone in MySQL on every connection using Zend PHP