Difference between revisions of "Remote Desktop permissions"
(Created page with " ===Backstory=== thumb|right|Remote Desktop Session Host Configuration's security settings example Up until Windows Server 2008 R2 the "Remote Des...") |
|||
| Line 1: | Line 1: | ||
| − | + | =Backstory= | |
[[File:RDPermissions-1.png|thumb|right|Remote Desktop Session Host Configuration's security settings example]] | [[File:RDPermissions-1.png|thumb|right|Remote Desktop Session Host Configuration's security settings example]] | ||
Up until Windows Server 2008 R2 the "Remote Desktop Session Host Configuration" was shipped with the O.S, this has been removed in later versions.<br> | Up until Windows Server 2008 R2 the "Remote Desktop Session Host Configuration" was shipped with the O.S, this has been removed in later versions.<br> | ||
| Line 36: | Line 36: | ||
Doing this is still possible with WMI commands via scripting.<br> | Doing this is still possible with WMI commands via scripting.<br> | ||
An easy to use PowerShell menu script will be provided here, but individial commands will also be provided as an example.<br> | An easy to use PowerShell menu script will be provided here, but individial commands will also be provided as an example.<br> | ||
| + | |||
| + | =PowerShell menu= | ||
| + | |||
| + | =Commands= | ||
| + | |||
| + | =Messaging= | ||
| + | You might be interested in giving certain users the right to send messages to other users or the entire farm.<br> | ||
| + | For more information on this please see the article "[[Remote Desktop messaging]]".<br> | ||
Revision as of 13:33, 17 June 2020
Backstory
Up until Windows Server 2008 R2 the "Remote Desktop Session Host Configuration" was shipped with the O.S, this has been removed in later versions.
With this application you could delegate certain Remote Desktop permissions on a user or group base.
This was possible by opening the application, right click and select Properties on a connection, then going to the Security-tab, Advanced, selecting a permission, and Edit.
The following permissions are available:
| Permission | Description |
|---|---|
| Query Information | Get information on any session |
| Set Information | ? |
| Remote Control | Shadow any session (behaviour depends on shadow settings) |
| Logon | Logon your session |
| Logoff | Logoff any session |
| Message | Send a message to any session |
| Connect | Take over any session (password still required) |
| Disconnect | Disconnect any session |
| Virtual Channels | Use outside-session features (e.g. clipbord or printer) |
- The Query and Virtual Channels permissions are allowed by default when unchecked.
- Logon also requires the user/group to be added to the Remote Desktop's User Rights Assignment (via Group Policy).
Doing this is still possible with WMI commands via scripting.
An easy to use PowerShell menu script will be provided here, but individial commands will also be provided as an example.
Commands
Messaging
You might be interested in giving certain users the right to send messages to other users or the entire farm.
For more information on this please see the article "Remote Desktop messaging".
