RDS - restrict single user to one session host

Question

Hi,

I have 2 RDS hosts and 1 broker server. I have created collections where both session hosts are added. I have one user who need access only to first server. Can I denied access for this user to the second session host? If yes, how can I do this?

Answer 1

Hello，

Thank you for posting in the Microsoft Community forum.

You can limit access for a specific user to the second session host via GPO. Here is a general procedure for your reference:

1. On your domain controller, open the Group Policy Management Console (GPMC).

Right-click on the Organizational Unit (OU) where your second session host resides and select "Create a GPO in this domain, and Link it here..."

Name the GPO something like "Deny Access to Second RDS Host".

2. Right-click the newly created GPO and select "Edit".

Navigate to Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > User Rights Assignment.

3. Configure the Deny Logon Policy:

Find and double-click on Deny logon through Remote Desktop Services.

Click Add User or Group, then add the user who should be denied access to the second session host. Click OK to apply the changes.

4. Ensure the GPO is linked to the OU containing the second session host.
5. Run gpupdate /force on the second session host to apply the new policy immediately.

Note: Before rolling out any new policy across the network, always test the policy in a lab environment or on a small number of users/computers to ensure that it works as intended without causing any unexpected disruptions.

Best regards

Jacen

——————————————————————————————————

If the Answer is helpful, please click "Accept Answer" and upvote it.