Hello, I have a question regarding Remote Desktop Security. I have a user that I want to be able to access all servers but one using remote desktop. How do I block him from that one server? Tommy

The easiest way is to modify the local policy on that server, specifically the User Right --> "Deny log on through Remote Desktop Services" This security setting determines which users and groups are prohibited from logging on as a Remote Desktop Services client. Default: None. You can modify the local security policy by opening the RUN command --> type gpedit.msc --> navigate to the Computer Configuration --> Windows Settings --> Security Settings --> Local Policies --> User Rights Assignment -- > Deny log on through Remote Desktop Services. The best way to manage this, in my opinion is to create a global group in AD, then add this group to the Deny policy. You then simply add/remove users from that group without having to touch the server's local policy again. Alternatively, simply add the user ID to this deny policy. Visit: anITKB.com, an IT Knowledge Base.