• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

Second Remote Desktop group

Ahhzz

Ahhzz

Moderator
Staff member
Joined
Feb 27, 2008
Messages
8,744 (1.48/day)
System Specs
System Name OrangeHaze / Silence
Processor i7-13700KF / i5-10400 /
Motherboard ROG STRIX Z690-E / MSI Z490 A-Pro Motherboard
Cooling Corsair H75 / TT ToughAir 510
Memory 64Gb GSkill Trident Z5 / 32GB Team Dark Za 3600
Video Card(s) Palit GeForce RTX 2070 / Sapphire R9 290 Vapor-X 4Gb
Storage Hynix Plat P41 2Tb\Samsung MZVL21 1Tb / Samsung 980 Pro 1Tb
Display(s) 22" Dell Wide/24" Asus
Case Lian Li PC-101 ATX custom mod / Antec Lanboy Air Black & Blue
Audio Device(s) SB Audigy 7.1
Power Supply Corsair Enthusiast TX750
Mouse Logitech G502 Lightspeed Wireless / Logitech G502 Proteus Spectrum
Keyboard K68 RGB — CHERRY® MX Red
Software Win10 Pro \ RIP:Win 7 Ult 64 bit
We don't have a specific Server thread, so I decided RDP is a network process, therefore, Network thread :)

So, I've got an RDP/TS server I manage, and on rare occasion, one of the software packages installed needs maintenance, and the supporting group is a 9 to 4 type group. During maintenance, I need all the "normal" users to stay off, while allowing the support group and admin groups access. Unfortunately, Windows server OS does not have an easy method to disable all but a few RDP users at once, much less re-enable them. Does anyone know if there's a way to "Copy" the RDP group to a second group , and use that as a "common users" which I can disable and enable easily? Thanks!

edit for a little more detail
 
Last edited:
Solaris17

Solaris17

Super Dainty Moderator
Staff member
Joined
Aug 16, 2005
Messages
25,890 (3.79/day)
Location
Alabama
System Specs
System Name Rocinante
Processor I9 14900KS
Motherboard EVGA z690 Dark KINGPIN (modded BIOS)
Cooling EK-AIO Elite 360 D-RGB
Memory 64GB Gskill Trident Z5 DDR5 6000 @6400
Video Card(s) MSI SUPRIM Liquid X 4090
Storage 1x 500GB 980 Pro | 1x 1TB 980 Pro | 1x 8TB Corsair MP400
Display(s) Odyssey OLED G9 G95SC
Case Lian Li o11 Evo Dynamic White
Audio Device(s) Moondrop S8's on Schiit Hel 2e
Power Supply Bequiet! Power Pro 12 1500w
Mouse Lamzu Atlantis mini (White)
Keyboard Monsgeek M3 Lavender, Akko Crystal Blues
VR HMD Quest 3
Software Windows 11
Benchmark Scores I dont have time for that.
You can make 2 GPOs. One that has the OU of the support staff and one that Denies RDP access to the users. Whenever you need to do maint, just make it a req that users need to leave systems or w/e on and then enable the GPO restricting the user OU and enable the OU for the support OU. then force a GP update via GPEDIT to those systems.

At the end of maint, just disable both (since your default policy allows it for all users it seems) and force GPU update to all systems again and reboot them remotely.
 
Ahhzz

Ahhzz

Moderator
Staff member
Joined
Feb 27, 2008
Messages
8,744 (1.48/day)
System Specs
System Name OrangeHaze / Silence
Processor i7-13700KF / i5-10400 /
Motherboard ROG STRIX Z690-E / MSI Z490 A-Pro Motherboard
Cooling Corsair H75 / TT ToughAir 510
Memory 64Gb GSkill Trident Z5 / 32GB Team Dark Za 3600
Video Card(s) Palit GeForce RTX 2070 / Sapphire R9 290 Vapor-X 4Gb
Storage Hynix Plat P41 2Tb\Samsung MZVL21 1Tb / Samsung 980 Pro 1Tb
Display(s) 22" Dell Wide/24" Asus
Case Lian Li PC-101 ATX custom mod / Antec Lanboy Air Black & Blue
Audio Device(s) SB Audigy 7.1
Power Supply Corsair Enthusiast TX750
Mouse Logitech G502 Lightspeed Wireless / Logitech G502 Proteus Spectrum
Keyboard K68 RGB — CHERRY® MX Red
Software Win10 Pro \ RIP:Win 7 Ult 64 bit
Solaris17 said:
You can make 2 GPOs. One that has the OU of the support staff and one that Denies RDP access to the users. Whenever you need to do maint, just make it a req that users need to leave systems or w/e on and then enable the GPO restricting the user OU and enable the OU for the support OU. then force a GP update via GPEDIT to those systems.

At the end of maint, just disable both (since your default policy allows it for all users it seems) and force GPU update to all systems again and reboot them remotely.
Click to expand...
Not a bad idea, may give that a whirl, thanks :)
 
Solaris17

Solaris17

Super Dainty Moderator
Staff member
Joined
Aug 16, 2005
Messages
25,890 (3.79/day)
Location
Alabama
System Specs
System Name Rocinante
Processor I9 14900KS
Motherboard EVGA z690 Dark KINGPIN (modded BIOS)
Cooling EK-AIO Elite 360 D-RGB
Memory 64GB Gskill Trident Z5 DDR5 6000 @6400
Video Card(s) MSI SUPRIM Liquid X 4090
Storage 1x 500GB 980 Pro | 1x 1TB 980 Pro | 1x 8TB Corsair MP400
Display(s) Odyssey OLED G9 G95SC
Case Lian Li o11 Evo Dynamic White
Audio Device(s) Moondrop S8's on Schiit Hel 2e
Power Supply Bequiet! Power Pro 12 1500w
Mouse Lamzu Atlantis mini (White)
Keyboard Monsgeek M3 Lavender, Akko Crystal Blues
VR HMD Quest 3
Software Windows 11
Benchmark Scores I dont have time for that.
I only reccomend it because I use similar restrictions. By default I dont want techs attempting to RDP into my servers, but I do want them to be able to RDP into the LAB environment for extended learning. Likewise I do NOT want the POS PCs to be able to RDP at all. So I have GPO restrictions preventing this kind of stuff.
 
You must log in or register to reply here.
Top