Identity Manager Community

Forum Deny this user permissions to log on to Remote Desktop Session Host server

Deny this user permissions to log on to Remote Desktop Session Host server

Stefano over 2 years ago

When OneIdentity creates a user this property is always set.

There is a way to avoid it?

Thanks

Top Replies

Markus Weiss-Ehlers over 2 years ago in reply to Stefano +1 verified

With "Controlled by the account definition" I wanted to express the fact that depending on the automation level the property will be set "only once during creation" or recurring based on the setting of…

0 Markus Weiss-Ehlers over 2 years ago

This is controlled by the property AllowLogonTerminalServer of the ADSAccount object in One Identity Manager. This property is controlled out-of-the-box via the account definition and the setting of the connected identity (Person.IsTerminalServerAllowed) "Login to terminal server permitted".
Cancel
Up 0 Down

Reply

Verify Answer

Cancel
0 Stefano over 2 years ago in reply to Markus Weiss-Ehlers

Thanks Markus,

I don't have the possibility to set that flag in Account Definition.

I'm missing something here.

Thanks.
Cancel
Up 0 Down

Reply

Verify Answer

Cancel
+1 Markus Weiss-Ehlers over 2 years ago in reply to Stefano

With "Controlled by the account definition" I wanted to express the fact that depending on the automation level the property will be set "only once during creation" or recurring based on the setting of Person.IsTerminalServerAllowed of the assigned identity (Person). A template is doing this (as always).

So, when the flag AllowLogonTerminalServer is not set at the account it is not set at the person during account creation.

If you need to change the behavior of the flag, you just need to customize the template at the flag.
Cancel
Up +1 Down

Reply

Reject Answer

Cancel