Reporting SPLA usage of Remote Desktop user CALs

Similar Messages

• NISPOM Tool reports groups "Guests" and "Remote Desktop Users" have excessive privileges - remediation?

  Greetings,
   I'm running a security tool DISA provides and it's reporting that on my XP box the following:
   "This group has privileges associated with it that may allow anonymous access to the system."
  The group is:
  "Guests"
  I've already disabled the Guest account, however the account isn't the same thing as the group, so how does one go about limiting anonymous privileges associated with the group?

  Remove any group membership if Guest account is member of.
  You can also use restricted group policy to remove group membership on muliple computers at once.

• Remote Desktop Service Manager - configure permissions for Remote Desktop Users to Send Message, Disconnect, Logoff

  Hello, dear colleagues.
  We are using Windows Server 2012 R2 as Remote Desktop Server. Also use Windows Server 2008 R2 with Remote Desktop Service Manager to control RDS user sessions (Send Message, Disconnect, Logoff, Query Info). 
  Send Message, Disconnect, Logoff options works only for users in Administrators group.
  I can't to configure permissions for Remote Desktop Users, specific user or AD group. 
  To set permissions I'm running RDS Host Configuration on Windows Server 2008 R2 and connect to Windows Server 2012 R2. Then double-click
  RDP-Tcp, Security tab, add specific user account , AD group or configure
  advanced permissions
  for Remote Desktop Users.  
  But, as I sad above, these options works only for users in Administrators group. How to make it work for Remote Desktop Users or specific user, AD group?
  Thanks.
  P.S. If move specific user from Remote Desktop Users group to Administrators group on
  Windows Server 2012 R2 - it works. 

  Hi,
  You can prevent administrators from changing the permissions for a connection by applying the
  Do not allow local administrators to customize permissions Group Policy setting. 
  This Group Policy setting is located in Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security
  Apart there is one command with which you can set the permission for that check the related
  article. Additionally checkthis
  thread for more detail.
  Hope it helps!
  Thanks.
  Dharmesh Solanki
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Windows 2008 R2 Standard Remote Desktop Users cannot Connect

  I have a windows 2008 R2 Standard Terminal Server and some users aren't able to connect even though they are in groups that are in Remote Desktop Users on the local computer.  I checked the local security policy setting "Allow log on through Remote
  Desktop Services" and I see that Remote Desktop Users is a member of this group.  Inside of Remote Desktop Users we have DOMAIN\Domain Users and DOMAIN\Terminal Users.  Most of our users are in both groups, but there are still some people that
  aren't able to connect via Remote Desktop to this computer.  There are no users in "Deny logon through Terminal Services."
  Thanks!

  Hi,
  Thank you for posting in Windows Server Forum.
  Is it happens to all users or any particular group of users?
  Please check by creating new user add them to “Remote Desktop Users” group and then see whether that test user can remote desktop to the server.
  It also might happens that you may be limited in number of users or some connection issue or may be firewall setting issue. Please go through beneath article for information.
  Remote Desktop disconnected or can’t connect to remote computer or to Remote Desktop server (Terminal Server) that is running Windows Server 2008 R2
  http://support.microsoft.com/kb/2477176
  Hope it helps!
  Thanks.
  Dharmesh Solanki

• Can't change search options in Outlook 2007 on Windows Server 2008R2 Remote Desktop Users

  One of my users is trying to change search options in Outlook 2007.
  But he can't change the search options.
  He is working with Outlook 2007 on Remote Desktop Services 2008 r2.
  We doen't use cache mode on terminal server.
  Any sugesstion how we can enabling search options for remote desktop  users ?

  Hi Roel,
  Thank you for posting in Windows Server Forum.
  To customize Instant Search options by using Group Policy 
  - In Group Policy, load the Office Outlook 2007 template (Outlk12.adm).
  - To customize how results are displayed, under
  User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options\Preferences\Search Options, double-click the setting that you want to set. For example, double-click Turn off wordwheel.
  - Click Enabled. For hit highlighting color, choose a color from the Background Color drop-down list.
  - Click OK.
  More information.
  Configure Instant Search options in Outlook 2007
  http://technet.microsoft.com/en-in/library/cc178983(v=office.12).aspx
  In addition, perform below steps to edit the registry key and check.
  Step 1: Open the Registry Editor application.
  Step 2: In the Registry Editor, click the Edit menu and select Find. Type PreventIndexingOutlook in the search field and click Find Next.
  Step 3: Right click PreventIndexingOutlook and select Modify. Change its Value data to
  0 and click OK.
  Step 4: Search again by clicking the Edit menu and select Find. Type SetupCompletedSuccessfully in the search field and click Find Next. Locate this key.
  Step 5: Right click the SetupCompletedSuccessfully key and select Modify. Change its Value Data to 0 and click OK.
  Step 6: Restart your computer and you will now be able to perform advanced searches in Microsoft Outlook.
  Hope it helps!
  Thanks.
  Dharmesh Solanki
  TechNet Community Support
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Remote desktop users lost overnight on windows server 2008 R2

  We set up a group in active directory to allow certain users access to this Virtual Machine.
  I am able to go into the the remote Users of the VM and add this group from active directory.
  Every Morning i have to re-add this group as it has gone at some point. There is nothing i can see that would cause this.
  Would anyone have any suggestions?
  Thank you,

  Hi,
  According to your description, it seems that the domain Users added in the remote desktop users group disappeared after the reboot, right? What are the operating systems of the clients and server?
  In addition, you can try to add domain users to the Remote Desktop Users Group via Group Policy to see if the issue persists. For more detailed information, please refer to the link below:
  How to add "Domain Users/Group" to Remote Desktop Users group on Servers using
  Group Policy ?
  Best regards,
  Susie

• How to programmatically manage Remote Desktop Users?

  Hi,
  I want to know if it esists a method to programmatically set/get the Remote Desktop Users list, such as add/remove an user and so on.
  Thank you all in advance
  Best Regards
  Antonino

  Hi,
  first of all, I want to thank you for reply. But, what I'm looking for is to programmatically view the list of the users for the Remote Desktop Control. With Remote Desktop Control I mean the way I let some other users over the network to operate with my own desktop in Windows XP (that is what you find in system->properties->remote desktop->advanced...and so on).
  Antonino

• My remote Desktop Users service is disabled

  Dear all,
  i need your help i have a windows server 2008 and when i restart i get my "allow users remote desktop" disabled and when i change it and then restart i get it disabled again i suspected there is a GPO that is doing that but when i run the gpresult i did
  not get any GPO changing the local group policy then i suspected that there is a start up script that is doing changes to the registry but still not
  i really what to know whats making this policy disabled
  thank you  

  Hi,
  Please try to use rsop.msc to see the following policy setting configured correctly:
  For details:
  Allow users to connect remotely using remote desktop Services
  ===========================================
  1.  Computer Configuration ->Policies ->Administrative Templates ->Windows Components ->remote desktop Services ->remote desktop Session Host ->Connections ->Allow users to connect remotely using Remote Desktop Services
  Restrict Group
  ==========
  1. Computer Configuration -> Policies -> Windows Settings -> Security Settings
  2. Right-click Restricted Groups, and then click Add Group.
  3. Click Browse, add Remote Desktop Users, click Ok.
  4. Add the members  what you want.
  Allow log on through Terminal Services(RDS on DC)
  ==========================
  Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> User Rights Assignment -> Allow log on through Terminal Services
  Hope this helps!
  Best Regards
  Elytis Cheng
  Please remember to click “Mark as Answer” on the post that
  Elytis Cheng
  TechNet Community Support

• Remote Desktop - User Internet Sites Monitoring

  Can Remote Desktop Report what Internet Sites a User has gone to ?
  Thanks !
  Danny

  Again, there is no such report in Apple Remote Desktop. The only way you could get even part of that information is by copying the browser history logs from the clients to your administration workstation and examining those logs, and that's probably not practical even if the users don't just clear the history rendering those logs uninformative. You'll need to look for software that is specifically built for web monitoring.
  Regards.

• Report hangs when using Remote Desktop

  I am having trouble with Crystal Reports 11. I was wondering if there is a known issue when using it in conjuction with Remote Desktop.
  Here is the scenario.
  I am using Remote Desktop to connect to a server.
  I am running a report using Crystal Reports 11.
  The records have already been retrieved (approx. 800,000 records) and is printing - slowly.
  It takes around 75 minutes for the report to print 12 pages.
  If the Remote Desktop connection is closed, then re-established, the Crystal Reports pops up a message box stating "Not Supported". The pages of data the were previously printed are now blank. (For example: if it was on page 1 of 9+ it will go back to 1 of 1+ and the page will be blank.)
  If I use a VPN to connect to the network, then use the Remote Desktop Connection to connect to the server, the connection will periodically disconnect and the re-establish. This does not occur when not using Crystal Reports.
  Is there a problem with using Crystal Reports with Remote Desktop? Is there a better way to run my reports remotely?
  Thanks for any input.
  Ryan

  You may be better off posting this in the Crystal Reports Design forum as that team supports issues regarding working with the CR designer:
  SAP Crystal Reports
  Ludek

• How to remote desktop user can read, write ,modify and traverse folder but not execute?

  Now I ceate a user accout whis is user type and put him into remote desktop group.
  he can login this server by remote desktop.
  My server is windows 2003 but not in nt domain and  it is a workgroup computer.
  I want to limit him access right on one folder in which have many folders and .exe file.
  I only want he can read , write,modify file and traverse folder but not execute any .exe file.
  How can I implement this through NTFS.
  Please give me some advice.

  Hi,
  I think you could using advanced option to configure the file or folder permission:
  http://technet.microsoft.com/en-us/library/bb727008.aspx
  Regards.
  Vivian Wang

• Remote Desktop user rights assignment

  I have a 2012 server that I'm using with Remote Desktop Services. Users connect to this server to work with QuickBooks 2013 Premiere.  The problem is that QuickBooks would not run unless users had administrative rights.  To get around this I made
  everyone an administrator.  The problem is that a user inadvertently shut down the server.  How can I assign enough rights to enable users to use QuickBooks, but not shut down the server?
  More specifically - how can I more granularly adjust the rights and permissions users have when they log in via Remote Desktop.
  Thanks!

  Hi,
  As QuickBookes requires the Windows administrator privilege, I’m afraid that we cannot limit user rights and prevent them to shut down the server.
  However, as a workaround, you may try to publish QuickBooks as a RemoteApp so that users will just connect to the App instead of the server.
  Overview of RemoteApp
  http://technet.microsoft.com/en-us/library/cc755055.aspx
  Best Regards.
  Jeremy Wu
  TechNet Community Support

• How to report on sessions from Remote Desktop Services

  I want to run a historical report for (in)active / total sessons from a group of 2008 R2 servers.  I found that I had to import the RDS MP just to even get the terminal server\(in)active sessions counters visible in the performance view, and the metrics
  are being collected but I cannot figure out what object/class/counter combination to use in order to run a report from the SCOM 2012 Reporting console.  The TS 2003/2008 report templates do not work at all which were perfect from my TS 2003 farms, but
  now I can't get a birds eye view of a 2008 R2 RDS farm of 100 'terminal servers'.  What gives?
  B. Wright

  Unfortunately, I've been there and done that.  However not of the 2008R2 servers that are running "Remote Desktop Services" are available when I try to search for a group/objects in the chart/series.  If I point it to a group that contains the
  computers in question, and use any of the "terminal services 200x" counters/performance collection rules no data shows up in the report.  It's like they aren't avaliable as Windows Computers/Servers anymore because SCOM/MS considers them as a "Remote
  Desktop Services Host", and the only way I can see (in)active session information is in the performance view of that management pack's folder in the monitoring pane. 
  Seems to me that there is a major flaw in the RDS management pack for SCOM 2012.
  B. Wright

• Group Policy for Remote Desktop Users

  Hi,
  Currently my users use desktops and have user and computer GPOs applied (typical things like logon scripts etc.) at the OU level where they reside e.g. Finance Users, Sales Users etc.
  I am planning a Remote Desktop 2012 environment.
  I have read the following:
  TechNet cc779327
  So, my understanding is that I create a new OU for my Remote Desktop Server only (not users), and create a new security Group for my RD Users and a security group for my RD server.
  Remote Desktop Servers OU
             * RD User GPO (filter on RD User security Group and RD Computer Security Group)
             * RD Computer GPO (filter on RD User security Group and RD Computer Security Group)
  I then apply all computer settings to the RD Computer GPO (loopback processing, Windows installer, hide shortcuts etc.).
  I then apply all user settings to the RD User GPO (app specific, templates etc.)
  Why not consolidate the two GPOs into one?
  If I set computer settings in the computer GPO, and apply it as above to filter to the RD Server group and RD Users Group will this apply to only users un the RD User Group...or ALL users since I added the server to the filter?
  If a user currently gets a setting in their normal OU e.g. Finance logon script, will they still get it on the Remote Desktop? Or do I need to copy that GPO setting to my new RD User GPO also?
  Am I right to add both RD Server and RD User groups to the filter on both RD User and RD Computer GPOs?
  Loopback processing - merge or replace typically for Remote Desktop?

  Hi,
  Thank you for posting in Windows Server Forum.
  Create OU for RDS Server in Active Directory. Create security group for users who will use Remote Desktop Host (i.e. RDS Users). Create GPO (i.e. RDS Server Lock Down). In Security Filtering delete Authenticated Users, add RDS Server Account, and the security
  group created in previous step.
  Please check beneath article might useful for better understanding.
  Lock Down Remote Desktop Services Server 2012
  How to secure your remote desktop server with GPO
  Hope it helps!
  Thanks,
  Dharmesh

• Apple Remote Desktop - Users constantly appear and disappear in All Computers List

  I have a problem and I am thinking it is probably some kind of broadcast error on my network, but why not question Apple Remote Desktop in the process? Computers seem to flicker from available to unavailable. I think they are actually on. If I send a task out while it shows availbe it does complete even though it flickers on and off throughout the package install. However it will not let me send out installs when it say unavailable (as expected). If I am lucky I can catch the systems when they show available and the installs work. I have deleted preferences and re-installed ARD. I am using 3.7
  Personally I think it is my switches and Bonjour. Does anyone else have this issue and a work around?

  Hey Madoser,
  I had the same problem. I administrate around 30 macs, which I undrestand isn't much.....I was having issues with ard after updating to mavericks. I decided to do a complete erase and reinstall on my machine. This was't because of ard, mind you. I was having all kinds of problems. Nothing unexpected as far as I'm concerned but after doing things, my ard problems went away. It's only been a day, but everything is working like a dream.
  I'll make sure