Deny this user permissions to log on to Remote Desktop Session Host server

This is controlled by the property AllowLogonTerminalServer of the ADSAccount object in One Identity Manager. This property is controlled out-of-the-box via the account definition and the setting of the connected identity (Person.IsTerminalServerAllowed) "Login to terminal server permitted".

Thanks Markus,

I don't have the possibility to set that flag in Account Definition.

I'm missing something here.

Thanks.

Thanks Markus,

I don't have the possibility to set that flag in Account Definition.

I'm missing something here.

Thanks.

With "Controlled by the account definition" I wanted to express the fact that depending on the automation level the property will be set "only once during creation" or recurring based on the setting of Person.IsTerminalServerAllowed of the assigned identity (Person). A template is doing this (as always).

So, when the flag AllowLogonTerminalServer is not set at the account it is not set at the person during account creation.

If you need to change the behavior of the flag, you just need to customize the template at the flag.