Prevent member of administrator group loging in via Remote Desktop
Posted
by Chris J
on Server Fault
See other posts from Server Fault
or by Chris J
Published on 2010-03-19T10:04:47Z
Indexed on
2010/03/19
10:11 UTC
Read the original article
Hit count: 249
windows-server-2003
|user-management
In order to support some build processes on our Server 2003 development servers, we require a common user account that has administrative privs.
Unfortuantly, this also means that anyone that knows the password can also gain admin privs on a server. Assume that trying to keep the password secret is a failed exercise. Developers that need admin privs already have admin privs so should be able to log in as themselves.
So the question is a simple one: is there anything I can configure to prevent people (ab)using the account to gain administrator on servers they shouldn't have administrator on? I'm aware that devs could disable anything that is put in place, but that's then down to process and auditing to track and manage.
I don't mind where or how: it can be via the local security policy, group policy, a batch file executed in the user's profile, or something else.
© Server Fault or respective owner