Permissions define how users and groups can access a terminal server, allowing you to secure the server. Terminal Services permissions can be handled easily on a per-computer basis, using the Remote Desktop Users user group and the RemoteInteractiveLogon right. In some cases, however, it might be necessary to manage permissions on a per-connection basis.
Managing Permissions on a per-connection basis
Terminal Services Configuration allows you to manage permissions on an individual connection by means of the Permissions tab in the connection Properties page.
The TCP/IP connection installed with Terminal Services comes with a set of default permissions. You can modify these default permissions by setting different permissions for different users or groups, adjusting them to fit the requirements of your organization. You must be logged on as a member of the Administrators group to manage connection permissions.
The default permissions on Terminal Services objects are as follows:
Administrators Full control
LOCAL SERVICE Service permissions
NETWORK SERVICE Service permissions
Remote Desktop Users User access
SYSTEM Full control
Guest Guest access
For information about managing permissions for users and groups, see Adding users and groups. For information about the types of permissions used to control access to Terminal Services, see Controlling connection access.