WinSecWiki > Security Settings > Local Policies > User Rights > User Rights In-Depth > Allow Terminal Services logon

Allow logon through Terminal Services

AKA: SeRemoteInteractiveLogonRight, Allow logon through Terminal Services

Default assignment on workstations and member servers: Administrators, Remote Desktop Users

Default assignment on domain controllers: Administrators

This right first appears in Windows 2000 Service Pack 2 and continues in XP and 2003. This right controls who can establish remote desktop (aka Terminal Services) connections to this computer. As such this is an important right to properly control. The default assignments are reasonably appropriate.

The Deny logon through Terminal Services right overrides this right.

Use of this right does not generate a Privilege Use event in the Windows security log but remote desktop logons do generate event ID 540/4624 with logon type 10.

Changes to these logon rights assignments are logged by event IDs 621/4717 and 622/4718.

More information at Logon Rights.

Upcoming Webinars

Additional Resources

User Rights In-Depth

•	Access from Network
•	Act as OS
•	Add Workstations
•	Adjust Memory Quotas
•	Allow log on locally
•	Allow Terminal Services logon
•	Backup Files & Directories
•	Bypass traverse checking
•	Change the system time
•	Create a pagefile
•	Create a token object
•	Create global objects
•	Permanent shared objects
•	Debug programs
•	Deny network access
•	Deny logon as a batch job
•	Deny logon as a service
•	Deny logon locally
•	Deny Terminal Services logon
•	Enable trusted for delegation
•	Force shutdown remotely
•	Generate security audits
•	Impersonate a client
•	Increase scheduling priority
•	Load and unload device drivers
•	Lock pages in memory
•	Log on as a batch job
•	Log on as a service
•	Manage auditing and security log
•	Modify firmware values
•	Volume maintenance
•	Profile single process
•	Profile system performance
•	Remove from docking station
•	Replace process level token
•	Restore files and directories
•	Shut down the system
•	Sync directory service data
•	Take ownership of files & objects

User name:
Password:
	/ Forgot?
	Register

July 2024 Patch Tuesday	"Patch Tuesday - Four Zero Days " - sponsored by Supercharger for Windows Event Collection

Follow @randyfsmith

About | Newsletter | Contact

Ultimate IT Security is a division of Monterey Technology Group, Inc. ©2006-2024 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk. For complaints, please contact abuse@ultimatewindowssecurity.com.