Question

I am looking for a way to disable remote access to the management console of a single Windows Server 2008 R2 server with the least administrative effort.

The server is in a domain and there is a large number of other computers and users in the domain, hence I am looking for some local option rather than changing settings at the domain level.

I can disable usage of remote Server Management on server A, and that works as I would like: I am unable to access its Server Management from server B. However, if I open mmc on server B and add e.g. the 'services' or 'computer management' snap-in, I am able to remotely access server A this way.

I need to avoid restricting users from using mmc and particular snap-ins, and I would prefer to find a way that does not use Windows Firewall to block this type of communication. Somehow, deep inside, I do believe that there could be some registry key or local policy setting that will simply disable remote access of the mmc kind.

Obviously I have to avoid any further 3rd party tools...

Does anyone know how to achieve this? Or at least some hint would be appreciated.

Thank you

Solution

The solution I implemented was adding the local Administrators group on my server to the security policy "Deny access to this computer from the network".

That prevents users with rights to do the modification from doing it remotely, while retaining the possibility to use Remote Desktop, thus forcing administrators to log in. Just keep in mind that this will also affect your service account etc. (anything logging on remotely to the computer).
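A way to audit the setting described in the answer above, as an added example that is not part of the original answer: it parses the `[Privilege Rights]` section of a `secedit /export` file and reports whether BUILTIN\Administrators is denied network logon while Remote Desktop logon stays available. The function names and the sample export are constructed for illustration, and the check assumes the group is exported by its well-known SID.

```powershell
# Added example (not from the original answer). Function names are hypothetical.
# Returns the accounts assigned to one user right in a secedit INF export.
function Get-PrivilegeRight {
    param([string[]]$InfLines, [string]$Right)
    $inSection = $false
    foreach ($line in $InfLines) {
        $t = $line.Trim()
        if ($t -match '^\[(.+)\]$') { $inSection = ($Matches[1] -eq 'Privilege Rights'); continue }
        if ($inSection -and $t -match '^(\w+)\s*=\s*(.*)$' -and $Matches[1] -eq $Right) {
            # SIDs are exported with a leading '*', local accounts by name
            return @($Matches[2].Split(',') | ForEach-Object { $_.Trim().TrimStart('*') } | Where-Object { $_ })
        }
    }
    return @()   # a right that is not listed has no accounts assigned
}

function Test-RemoteMmcLockdown {
    param([string[]]$InfLines)
    $admins  = 'S-1-5-32-544'   # well-known SID of BUILTIN\Administrators (assumed export form)
    # "Deny access to this computer from the network"
    $denyNet = @(Get-PrivilegeRight $InfLines 'SeDenyNetworkLogonRight')
    # "Deny log on through Remote Desktop Services"
    $denyRdp = @(Get-PrivilegeRight $InfLines 'SeDenyRemoteInteractiveLogonRight')
    New-Object PSObject -Property @{
        AdminsDeniedNetworkLogon = ($denyNet -contains $admins)
        AdminsStillAllowedRdp    = -not ($denyRdp -contains $admins)
        OtherDeniedAccounts      = @($denyNet | Where-Object { $_ -ne $admins })
    }
}

# Constructed sample export, so the script runs without touching a real server.
$sample = @'
[Unicode]
Unicode=yes
[Privilege Rights]
SeNetworkLogonRight = *S-1-1-0,*S-1-5-32-544,*S-1-5-32-545
SeDenyNetworkLogonRight = *S-1-5-32-544,Guest
SeDenyRemoteInteractiveLogonRight = Guest
[Version]
signature="$CHICAGO$"
Revision=1
'@ -split "`r?`n"

Test-RemoteMmcLockdown $sample

# On the real server, from an elevated prompt:
#   secedit /export /cfg "$env:TEMP\rights.inf" /areas USER_RIGHTS
#   Test-RemoteMmcLockdown (Get-Content "$env:TEMP\rights.inf")
```

Because the deny right applies to every member of the group, `net localgroup Administrators` shows which accounts, service accounts included, will lose network logon to this server.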

OTHER TIPS

You could also consider using Group Policy, under user configuration -> administrative templates -> Windows components -> Microsoft Management Console -> Restricted/Permitted Snap-ins.

Once you enable the policy, you can enable or disable the desired plugins. You could do this on either the local or the remote machine.

Just a thought

Licensed under: CC-BY-SA with attribution