Prevent member of administrator group loging in via Remote Desktop

Posted by Chris J on Server Fault See other posts from Server Fault or by Chris J
Published on 2010-03-19T10:04:47Z Indexed on 2010/03/19 10:11 UTC
Read the original article Hit count: 224

Filed under:

windows-server-2003

|

user-management

In order to support some build processes on our Server 2003 development servers, we require a common user account that has administrative privs.

Unfortuantly, this also means that anyone that knows the password can also gain admin privs on a server. Assume that trying to keep the password secret is a failed exercise. Developers that need admin privs already have admin privs so should be able to log in as themselves.

So the question is a simple one: is there anything I can configure to prevent people (ab)using the account to gain administrator on servers they shouldn't have administrator on? I'm aware that devs could disable anything that is put in place, but that's then down to process and auditing to track and manage.

I don't mind where or how: it can be via the local security policy, group policy, a batch file executed in the user's profile, or something else.

© Server Fault or respective owner

Related posts about windows-server-2003

Rotate monitor to portrait on Windows Server 2003 with ATI card

as seen on Super User - Search for 'Super User'
Does anyone know if it is possible to rotate a monitor from landscape to portrait mode on Windows Server 2003 32-bit with an ATI video card? According to Dell's site, I should be able to rotate my Dell P2310H monitor by installing drivers from their website, but they don't have drivers for Windows… >>> More
Windows Server 2003 Trial Activation Issue

as seen on Server Fault - Search for 'Server Fault'
I have a Windows Server 2003 (R2 Enterprise with SP2) VM, originally installed with a trial license. We forgot about the server, and now more than 120 days has passed, and I can't do anything with the server. I seem to be at a dead end with the existing installation. When I log in, I get: The… >>> More
Windows Server 2003 can't see Vista machine

as seen on Server Fault - Search for 'Server Fault'
Hi there, I've got a real PITA problem that I'm sure has a really simple solution. I have a Windows Server 2003 machine that needs to be able to see the network name of a Vista box - but refuses to. It can see the Vista box (and even access its shared folder) if I enter the Vista box's IP address… >>> More
Windows server 2003 default administrator password

as seen on Stack Overflow - Search for 'Stack Overflow'
Sorry if this is an overly simplistic question, but I'm a bit stuck here. :) I need a windows machine for me to do some programming for class. Since I have my Macbook with me everywhere I go, I figured that it would be easiest to install a vm. And since I can get a copy of Windows server 2k3 for… >>> More
Windows Server 2003 - Handling hundreds of simultaneous downloads

as seen on Server Fault - Search for 'Server Fault'
At the moment I have a single server with 4 1TB hard disks, daily I haver over 150 MP3 music files uploaded (around 80mb each). At busy periods there is over 300 people streaming / downloading these mixes all at once, 75% of the activity is on the most recently uploaded stuff which is all on a single… >>> More

Related posts about user-management

User management API

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi, I am developing an application suite where users will need to connect to a server and depending on their account type they will be given some services. The server will run Linux. Can you please suggest me some user management API which I can use to develop the server program? By user management… >>> More
User management for google apps

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi guys, I'm modifying our collaboration system so it can be listed on google applications. A small issue I'm facing is the registering of user details. By default whenever someone logs into their google Apps account they pretty much are logged into the application. For every action taken by a registered… >>> More
User management for custom application built on google apps

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi guys, I'm modifying our collaboration system so it can be listed on google applications. A small issue I'm facing is the registering of user details. By default whenever someone logs into their google Apps account they pretty much are logged into the application. For every action taken by a registered… >>> More
Which is a good opensource user management system?

as seen on Stack Overflow - Search for 'Stack Overflow'
I'm new to php/mySQL and am trying to create a website which will allow users to register. In future, there will be a paid content area where content will be shown based on the payment status. Is there a good opensource lightweight framework which takes care of the user management part? (Register… >>> More
SugarCRM - how to customize user management tools?

as seen on Stack Overflow - Search for 'Stack Overflow'
I'm new to using SugarCRM. I want to have a users page that does the following: 1) allow a user to create sub-users, and each sub-user can then create additional sub users 2) display users in an expandable and collapse-able hierarchical tree structure. 3) add more attributes to each user Does… >>> More