Good Day all

I have been asked to deny access to our production SQL servers from the developers. I have removed there RDP access and they are not domain admins. However, without using the firewall. Is there more tightening I can do, Say they were using the SQL Management Console on a dev server, do I need to do anything further to keep them from connecting to a prod SQL instance. They will still be SQL Admins but there access is based on being given access when requested. Also, I want to make sure they cannot connect to any file services or even the computer management window from any other device.

Any suggestions on perhaps using GP or anything would be greatly appre

Hi,

You can add and remove users from the Remote Desktop Users group. If they are members of the Administrators group they have access by default, but it sounds like they are just SQL admins.

 gpedit.msc under Computer Config > Windows Settings > Security Settings > Local Policies > User Rights Assignment. Find the entry for "Allow log on through remote desktop services" and "deny log on through remote desktop services"

-Greg

P.S. http://www.grammar.cl/english/there-their-they-are.htm