Yes, we make extensive use of RDP -- most importantly, to work remotely with processes that run for long periods of time. I do use RDP occasionally for admin tasks that require use of the local Administrator account. I presume that it's time for a different approach...


On 6/17/2014 12:38 PM, Geoffrey Duke wrote:
[log in to unmask]" type="cite">

It would do so only if you are using a local account (e.g., the Administrator account), or a *-tech account. If you are using a domain account, with appropriate permissions, RDP should still work. Do you RDP to workstations?




From: Technology Discussion at UVM [mailto:[log in to unmask]] On Behalf Of Ernie Buford
Sent: Tuesday, June 17, 2014 10:39 AM
To: [log in to unmask]
Subject: Re: Notice - Change to workstations in Campus Domain


Your description sounds like this change will affect the ability to connect to other workstations via Remote Desktop Connection. True?

On 6/16/2014 4:54 PM, Geoffrey Duke wrote:

As mentioned in the Collaborative IT Discussion on Wednesday last week, we have made a small change to the Security Policy on workstations that are part of the Campus domain. We configured the Deny access to this computer from the network right, adding the ETS-LocalAdmins group and the new well-known group Local Account.


[log in to unmask]" height="235" width="790">


This limits the utility of compromised credentials, addressing a common method for moving through an organization and harvesting additional credentials. This configuration change shouldn’t impact the ability to log into a workstation using either a local account or a *-tech account, but you won’t be able to use such an account to connect from one workstation to another.


Please let us know if you have any questions or concerns about this change,




Geoffrey Duke
802.656.1172 |
Sr System Administrator | Enterprise Technology Services | University of Vermont