Home/ Questions/Q 8367963
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-09T13:16:54+00:00

In Windows 2003, I can start… Control Panel -> Administrative Tools -> Local Security

  • 0

In Windows 2003, I can start…
Control Panel -> Administrative Tools -> Local Security Policy
Then, if I go to…

Local Policies -> User Rights Assignment -> Deny log on through Terminal Services
… it lets me deny RDP access to a certain user account (even if that account is an admin).

How can I do the same thing from the command line, so I can automate it?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You should be able to use the reg command to modify the registry key that corresponds to this group policy setting.

    To disable, try this from a batch file:

    reg ADD "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server"
/v fDenyTSConnections
/t REG_DWORD
/d 1
/f

    I’ve wrapped the switches onto multiple lines for readability, make sure to put all that on one line in your batch file. I don’t have access to a Windows 2003 server to confirm those two settings are one in the same but I believe they are. You could use Process Monitor to watch which registry key changes when you change that GP setting to sniff out which one it is in the event that I have the wrong key.

    It appears you can also change this using the NTRights Utility and the SeDenyRemoteInteractiveLogonRight right. The syntax for that would be:

    NTRights.exe -u user +r SeDenyRemoteInteractiveLogonRight
    • 0