Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: How do I elevate Remote Desktop Privilege?

05 Feb 2015   #1
spokey

Windows 7 32-bit
 
 
How do I elevate Remote Desktop Privilege?

if I remember correctly, even Administrators lose some privilege when coming in via remote desktop (vs local logon). Also that that can be changed somewhere in local policy. But I can't find it. I'm hoping someone here remembers and can point me to the right place to change that.

thx


My System SpecsSystem Spec
.
06 Feb 2015   #2
Kari

Microsoft Community Contributor Award Recipient

 

I have to admit I have difficulties to understand what you mean? What kind of privileges should admins lose when using remote desktop connection?

When you connect to a remote host you have to give credentials for a user account that exists on that remote host and you of course have the exactly same rights and privileges as if you were using that computer locally with the same user account, regardless of what kind of user account, admin or standard you have on your remote client (the computer you use to connect to remote host).

An example:
  • PC-1, only two user accounts exist:
    • Admin user ALMIGHTY
    • Standard user NIXCANDO
  • PC-2, only two user accounts exist:
    • Admin user THEKING
    • Standard user JUSTASERF
  • You are using PC-1, logged in as standard user NIXCANDO
  • You want to use PC-1 to connect to PC-2 (in other words, PC-1 is your remote client and PC-2 is your remote host)
  • You cannot log in to PC-2 over RDC using accounts ALMIGHTY and NIXCANDO because although they exist on your remote client, they do not exist on remote host
  • If you connect using JUSTASERF's credentials to connect to remote host, a user account that does not even exist on your remote client, you will of course have the JUSTASERF's standard user rights on remote host
  • If you connect using THEKING's credentials to connect to remote host you will of course have the THEKING's admin user rights on remote host
The above put short: When using Remote Desktop Connection to connect to a remote host, you will have full local administrator rights if you connect using an existing admin account of the remote host.

Kari
My System SpecsSystem Spec
06 Feb 2015   #3
spokey

Windows 7 32-bit
 
 

i'm pretty sure that connecting via remote desktop lowers your privileges (connecting using the local machine id/pwd). so for example I think you can't connect to C$. I kind of remember some registry entry that disabled that.
My System SpecsSystem Spec
.

06 Feb 2015   #4
Kari

Microsoft Community Contributor Award Recipient

 

Quote   Quote: Originally Posted by spokey View Post
i'm pretty sure that connecting via remote desktop lowers your privileges (connecting using the local machine id/pwd). so for example I think you can't connect to C$. I kind of remember some registry entry that disabled that.
That is not true.

You can use your local machine's (remote client) user credentials (username and password) only if a user account exists on the remote computer (remote host) with exactly same credentials. There is absolutely, completely no chance to sign in to a remote computer with credentials that do not exist there.

I repeat what I told in my first post in this thread: If you log in to remote computer using a standard account, you will get standard user privileges. If you log in to remote computer using an admin account, you get admin privileges.
My System SpecsSystem Spec
06 Feb 2015   #5
spokey

Windows 7 32-bit
 
 

That's what I meant. I guess bad context on my part. By local, I meant local to the remote machine.
My System SpecsSystem Spec
06 Feb 2015   #6
Kari

Microsoft Community Contributor Award Recipient

 

Quote   Quote: Originally Posted by spokey View Post
That's what I meant. I guess bad context on my part. By local, I meant local to the remote machine.
But that is of course so, obviously. You cannot have admin rights if you do not log in with admin account. As soon as you connect to remote host with an admin account, you have exactly the same rights than an admin user logging in locally.
My System SpecsSystem Spec
03 Apr 2015   #7
spokey

Windows 7 32-bit
 
 

I finally found it. It was not access via RemoteDesktop. It was running a command like shutdown -s -m <remotemachine> against a remote computer and getting an access denied because of reduced privileges.

The answer was to add LocalAccountTokenFilterPolicy = 1

in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

for a more complete explanation - How to Remotely Shutdown or Restart a Windows Computer
My System SpecsSystem Spec
Reply

 How do I elevate Remote Desktop Privilege?




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
Care to recommend a remote access method beside Remote Desktop?
I have a home network of 4 Win 7 computers which I leave running when I'm away from home to provide data to my website, among other things. In the past, I've been using Remote Desktop to access my home computers. It works very well, but it's always a challenge getting everything set up to work...
Network & Sharing
Remote features not working -remote desktop, WMC, iTunes remote, etc.
OS: Win8 64bit (My desktop is Win8, my laptop is Win7. We're dealing with the desktop here.) Where I am: university network, but these features seem to be working with my laptop. Things I've checked: allowing services through Windows Firewall (Bonjour, WMC services, etc.) Allowing remote...
Network & Sharing
Infection Of Windows Through Remote Access/Remote Desktop
This morning, I heard a nationally syndicated computer expert state that some Chinese hackers were "getting into" Windows based computers through "Remote Access/Remote Desktop" even if the service is turned off. According to the guru, "They will turn it on for you." Being very concrete, as well...
System Security
Remote Desktop Client 6.1 Cannot connect to remote computer
We have several remote systems that can all connect fine. I am having an issue with one box. It is a windows 7 home premium machine with netgear wireless nic. When I open mstsc to connect to a remote machine I put in the ip address and click on connect. I receive an immediate failure with the...
Network & Sharing
Which Solution: Remote Desktop? Virtual Desktop? Remote Terminal?
Hi guys, i have a question about remote connection, but i don't know exactly what kind of solution i'm looking for... i have a desktop with quad-cpu and much bigger memory, and i have another laptop which is old and slow. My thinking is to make a server on the desktop, so that the laptop...
Network & Sharing
Using Remote Desktop instead of Remote Assistance for remote helpdesk?
Hi I know there are other products out there, like vnc, ultravnc, teamviewer etc etc, but really nothing beats the sheer speed of remote desktop, it's like sitting in front of the actual computer. I also know about Remote Assistance built into Windows 7. I would like to use remote desktop...
Network & Sharing


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 13:45.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App