How to disable Remote Desktop Access (RDP) For Administrator On Windows Server 2016
Administrators have access via RDP enabled by default.
However you may need to restrict remote access for a specific administrator: if you want to be sure that every task (backups for example), services or other operations that may launch using his credentials won’t stop working.
How to disable access through Remote Desktop (RDP) for the user with administrative privileges on Windows Server 2016 without disabling the user account itself: in such a way you can deny RDP access for any user who belongs to groups that have it – for instance, Administrators, Remote Desktop Users.
- Press Win+R.
- Type secpol.msc and hit Enter:
- Navigate to:
Security Settings\Local Policies\User Rights Assignment
- Double-click on Deny log on through Remote Desktop Services:
- Click Add User or Group:
- Click Advanced:
- Click Find Now:
- Select the user you want to deny access via Remote Desktop and click OK:
- Click OK here:
- Click OK again to save settings:
When blocked user will attempt to log in to Remote Desktop session he will see the message:
To sign in remotely, you need the right to sign in through Remote Desktop Services. By default, members of the Remote Desktop Users group have this right. If the group you’re in doesn’t have this right, or if the right has been removed from the Remote Desktop Users group, you need to be granted this right manually