Controlling connection access
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
Controlling connection access
Use the permissions provided for Terminal Services to control how users and groups access the server. You can alter the default permissions to restrict individual users and groups from performing certain tasks, such as logging off a user from a session or ending sessions. You manage permissions from Terminal Services Configuration. You must be logged in as a member of the Administrators group to set permissions.
By default, there are three types of permissions: Full control, User access, and Guest access.
You can configure these by setting permissions for which users or groups can use a specific task. You can set the following permissions.
| Permission | Allows you to |
|---|---|
Query Information |
Query sessions and servers for information. |
Set Information |
Configure connection properties. |
Remote Control |
View or actively control another user's session. |
Logon |
Log on to a session on the server. |
Logoff |
Log off a user from a session. Be aware that logging off a user without warning can result in loss of data at the client. |
Message |
Send a message to another user's sessions. |
Connect |
Connect to another session. |
Disconnect |
Disconnect a session. |
Virtual Channels |
Use virtual channels. Be aware that turning off virtual channels disables some Terminal Services features such as clipboard and printer redirection. |
Note
- You must use the Remote Desktop Users group to control remote access to Terminal Server and Remote Desktop for Administration. For more information, see Enabling users to connect remotely to the server.