Limit users who can login via RDP

Limit users who can login via RDP

By default, all users in the “Administrators group” have RDP access rights.  And, of course, all users in the “Remote Desktop Users group” have RDP access rights too.  If you only want some members of the Administrators group to have RDP access, you can adjust this in Local Security Settings as follows: by removing the “administrators group” and then making sure all required remote users are part of the “Remote Desktop Users group”.

Local Security Policy (secpol.msc) -> Security Settings -> Local Policies -> User Rights Assignment -> Allow Logon Through Remote Desktop Services, change settings to remove “Administrators group” (but make sure any users you want to have RDP access are already part of the “Remote Desktop Users Group” especially the one you are currently logged in with).