Forum Discussion
Active directory security remediation items - seeking advise
Hi Active Directory Brain Trust, We're aiming to implement following security restrictions as part of a AD security remediation. If anyone have implemented, consulted on these in the past, could...
Deny Log On Through Remote Desktop Services (RDS)
- Objective: Prevent certain user groups from logging on to servers or workstations via Remote Desktop Protocol (RDP).
- Implementation:
- Use Group Policy to configure this setting:
- Group Policy Path: Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > User Rights Assignment > Deny log on through Remote Desktop Services
Deny Log On Locally
- Objective: Prevent users from logging in interactively at the console or directly on the machine.
- Implementation:
- Configure using Group Policy:
- Group Policy Path: Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > User Rights Assignment > Deny log on locally
- Apply to groups like service accounts, non-privileged users, or domain users where interactive logon is not necessar
Deny Log On as a Service
- Objective: Block users from running or registering services on systems.
- Implementation:
- Group Policy path: Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > User Rights Assignment > Deny log on as a service
- Apply to user accounts or groups that should not have the ability to run services, such as standard user accounts.
Deny Access to This Computer from the Network
- Objective: Block specific users or groups from accessing the machine over the network.
- Implementation:
- Group Policy path: Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > User Rights Assignment > Deny access to this computer from the network
- Configure using Group Policy:
- Use Group Policy to configure this setting:
