Terminal Services

By 3aFaReeT
in Microsoft (Windows)

 Share

Recommended Posts

Community Regular

3aFaReeT

Posted
Posted

Dear All,

We've recently installed Terminal Services Licensing on our Domain controller and the Terminal Service on to another server as application mode in order to login to it using specific users from our active directory to access an Application.

The Problem:

Any user from our active directory is able to login to that server

Requirement:

Only Specific users or Groups (OU) must login to that server.

Solution Found:

At each user level in the active directory there is a tab called (Terminal Services Profile) in which allow logon to terminal server is Checked? by un-checking it the user will not be able to login to that server.

BUT!!! Doing this excessive for 400+ users is headache..

Can anyone guide me in how to achieve this task in which ever way?

I'm very new to Terminal Services

I hope my explanation is clear... incase of any questions i'll be back to the net after an hour and a half

regards... and thanks alot to all of you

post-71571-1116390843.jpg

Link to comment
https://www.neowin.net/forum/topic/321782-terminal-services/
Share on other sites
Mentor

randy_tho

Posted
Posted
Can you separate them into 2 different groups and then assign one group the ability to log on and the other not?

585937090[/snapback]

Thats what I was thinking but it's kind of dirty. You also will probably want to make 2 new under your OIB.

My knowledge is limited on AD, GP but I'm trying to learn.

Experienced

Billprozac

Posted
Posted (edited)

In order to log onto the TS server, you have to have the logon locally permission. Chances are, you assigned that permissionto the Domain Users Group in order to get things working. Change that to include an new OU called TSusers and remove domain users, then add just the users to that group.

Btw, Domain Users may be a part of a local group that is allowed the log-on-locally permission, so you may have to hunt.

Edited by Billprozac
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Posts

    • Using Windows 10 past its end of support date, is it really that bad?

      By +Eternal Tempest · Posted

      Because of the EU (a good thing) newer android devices been getting 5 years worth of security patches. Except some Motorola which found the loop hole, and offer ZERO updates. In addition, Google for years have been making where it can patch some stuff by updating the core Google Play Store itself.  As echoed earlier,  you take the security risk in to your own hand beyond supported.
    • Microsoft Teams is getting a controversial location tracking feature that users may hate

      By Brian Miller · Posted

      Are people still using Teams?
    • Win11Debloat 06.11.2026

      By Copernic · Posted

      Win11Debloat 06.11.2026 by Razvan Serea Win11Debloat is a lightweight, easy to use PowerShell script that allows you to quickly declutter and customize your Windows experience. It can remove pre-installed bloatware apps, disable telemetry, remove intrusive interface elements and much more. The script also includes many features that system administrators and power users will enjoy. Such as a powerful command-line interface, support for Windows Audit mode and the option to make changes to other Windows users. All changes made by Win11Debloat can be easily reversed, and most removed apps can be restored via the Microsoft Store. A full guide on how to undo the changes is available here. Win11Debloat features: Below is an overview of the key features and functionality offered by Win11Debloat. Please refer to the wiki for more information about the default settings preset. Remove a wide variety of preinstalled apps. Click here for more info. Disable telemetry, diagnostic data, activity history, app-launch tracking & targeted ads. Disable tips, tricks, suggestions & ads across Windows. Disable Windows location services & app location access. Disable Find My Device location tracking. Disable 'Windows Spotlight' and tips & tricks on the lock screen. Disable 'Windows Spotlight' desktop background option. Disable ads, suggestions and the MSN news feed in Microsoft Edge. Hide Microsoft 365 ads on the Settings 'Home' page, or hide the 'Home' page entirely. Disable & remove Microsoft Copilot. Disable Windows Recall. Disable Click to Do, AI text & image analysis tool. Prevent AI service (WSAIFabricSvc) from starting automatically. Disable AI Features in Edge. Disable AI Features in Paint. Disable AI Features in Notepad. Disable the Drag Tray for sharing & moving files. Restore the old Windows 10 style context menu. Turn off Enhance Pointer Precision, also known as mouse acceleration. Disable the Sticky Keys keyboard shortcut. Disable Storage Sense automatic disk cleanup. Disable fast start-up to ensure a full shutdown. ...and more. Once you’ve downloaded the Win11Debloat file (Get.ps1), just follow these quick steps: Locate the Get.ps1 script file. Right-click the file and select Run with PowerShell from the context menu. If prompted by User Account Control (UAC), select Yes to grant the script the necessary administrative permissions. Win11Debloat 06.11.2026 fixes: Fix lock screen spotlight option being disabled when disabling the start recommended section by @Raphire in #619 Fix log message formatting by @Raphire Note The -RemoveCommApps and -RemoveW11Outlook command-line parameters for uninstalling a few specific apps have been removed with this release. If you previously relied on these parameters, please see this wiki page for alternative methods of removing these apps. Download: Win11Debloat 06.11.2026 | Open Source View: Win11Debloat Home Page | Screenshots 1| 2 Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • Microsoft releases big Windows 11 25H2, 24H2 Release Preview with Recovery, Update features

      By SnyPer456 · Posted

      "Gradual Rollout"... Sigh...🙄
    • Microsoft releases major feature updates for stock Windows 11 apps

      By Liberi_Fatali · Posted

      Yes for me, I installed 'old calculator' (Windows 7 calculator) in its place since it is more useful to me. I think paint is the only one I left installed

  • Recent Achievements

    • Rookie
      restore went up a rank
      Rookie
    • Very Popular
      AndrewSteel earned a badge
      Very Popular
    • Veteran
      Taliseian went up a rank
      Veteran
    • One Month Later
      Clizby earned a badge
      One Month Later
    • One Month Later
      Timaximus earned a badge
      One Month Later

  • Popular Contributors

    1. 1
      +primortal
      501
    2. 2
      +Edouard
      162
    3. 3
      PsYcHoKiLLa
      154
    4. 4
      ATLien_0
      83
    5. 5
      Steven P.
      79
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!