Hi,
We would like to prevent the local administrator account on each PC from having rights to logon via Remote Desktop Services. I have found the necessary policy to do this:
Computer Configuration>Policies>Windows Settings>Security Settings>Local Policies>User Rights Assignment and then
'Deny log on through Remote Desktop Services'
Whilst enable this and defining the policy is not a problem, I am not sure of the syntax or correct form to add the built in administrator for the PC it is being applied to.
BUILTIN\Adminstrators is the whole group, don't want to do that, domain users/groups are easy. .\Administrator doesn't work. Typing in just 'Administrator' is allowed, but I am not sure which administrator that is applying to!
Any thoughts would be great. Thanks in advance.