Print

Print


Yes, that did occur to me. We need to do more testing with that method. 
What about other clients? Are there other options that I might be missing?

Thanks

On 6/19/2014 3:09 PM, Geoffrey Duke wrote:
>
> You /could/ RDP as a domain account, and then user "Run as another 
> user" (shift-right-click on the program icon or shortcut) to launch a 
> tool as a local user.
>
> --Geoff
>
> *From:*Technology Discussion at UVM [mailto:[log in to unmask]] 
> *On Behalf Of *Ernie Buford
> *Sent:* Tuesday, June 17, 2014 1:03 PM
> *To:* [log in to unmask]
> *Subject:* Re: Notice - Change to workstations in Campus Domain
>
> Yes, we make extensive use of RDP -- most importantly, to work 
> remotely with processes that run for long periods of time. I do use 
> RDP occasionally for admin tasks that require use of the local 
> Administrator account. I presume that it's time for a different 
> approach...
>
> Ernie
>
> On 6/17/2014 12:38 PM, Geoffrey Duke wrote:
>
>     It would do so only if you are using a local account (e.g., the
>     Administrator account), or a *-tech account. If you are using a
>     domain account, with appropriate permissions, RDP should still
>     work. Do you RDP to workstations?
>
>     --Geoff
>
>     *From:*Technology Discussion at UVM
>     [mailto:[log in to unmask]] *On Behalf Of *Ernie Buford
>     *Sent:* Tuesday, June 17, 2014 10:39 AM
>     *To:* [log in to unmask] <mailto:[log in to unmask]>
>     *Subject:* Re: Notice - Change to workstations in Campus Domain
>
>     Your description sounds like this change will affect the ability
>     to connect to other workstations via Remote Desktop Connection. True?
>
>     On 6/16/2014 4:54 PM, Geoffrey Duke wrote:
>
>         As mentioned in the Collaborative IT Discussion on Wednesday
>         last week, we have made a small change to the Security Policy
>         on workstations that are part of the Campus domain. We
>         configured the Deny access to this computer from the network
>         right, adding the ETS-LocalAdmins group and the new well-known
>         group Local Account.
>
>         This limits the utility of compromised credentials, addressing
>         a common method for moving through an organization and
>         harvesting additional credentials. This configuration change
>         shouldn't impact the ability to log into a workstation using
>         either a local account or a *-tech account, but you won't be
>         able to use such an account to connect from one workstation to
>         another.
>
>         Please let us know if you have any questions or concerns about
>         this change,
>
>         --Geoff
>
>         Geoffrey Duke
>         802.656.1172 | Sr System Administrator
>         <http://www.uvm.edu/%7Egcd>| Enterprise Technology Services
>         <http://www.uvm.edu/ets>| University of Vermont
>         <http://www.uvm.edu/>
>