I would like to allow some users to manage Terminal Services sessions on a Windows Server 2008 RDS farm. However, I do not want to provide these users with rights to log in to the server or any administrative rights.

Is there any easy way to accomplish this?

stumct

3 Answers

I think that the best you can do is set the rights on the RDP session to give the users permissions to end sessions, force logout, and/or screen shadow.

Jim B

You can do this by creating a group for these users, adding the users to the group, and adding the group to the permissions of the RDP protocol on the RDS server with Allow for all permissions except Logon and Deny set on the Logon permission. This will allow the users to shadow, log off, message, etc., etc. RDS sessions but won't allow the users to log on to the RDS server, and doesn't require that the users be Domain or Local administrators.

joeqwerty

Create scripts to perform each RDP management function you need them to do using qwinsta.exe and rwinsta.exe. Then delegate the rights to run those scripts on specific servers using System Frontier.

Jay Adams
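
One way a per-function script built on qwinsta.exe and rwinsta.exe could look, as an added example that is not code from any of the answers above: it resets only the sessions of a named user, only on an allow-listed server, so the delegated operator never supplies a raw session ID. The function names, the `$AllowedServers` list and its host names are hypothetical, and the parser assumes the English qwinsta column headers.

```powershell
# Added example: function names and the server list are hypothetical placeholders.
$AllowedServers = @('RDS01', 'RDS02')

function ConvertFrom-Qwinsta {
    param([string[]]$Lines)
    # qwinsta prints fixed-width columns; find them from the English header row.
    $uCol = $Lines[0].IndexOf('USERNAME')
    $sCol = $Lines[0].IndexOf('STATE')
    if ($uCol -lt 0 -or $sCol -lt 0) { throw 'Unexpected qwinsta header' }
    foreach ($line in ($Lines | Select-Object -Skip 1)) {
        if ($line.Length -le $sCol) { continue }
        # USERNAME may be blank and ID is right-aligned, so split the span
        # between the two headers: last token is the ID, the rest is the name.
        $mid = @($line.Substring($uCol, $sCol - $uCol).Trim() -split '\s+')
        $user = ''
        if ($mid.Count -gt 1) { $user = $mid[0..($mid.Count - 2)] -join ' ' }
        New-Object PSObject -Property @{
            SessionName = $line.Substring(1, $uCol - 1).Trim()  # column 0 is the ">" marker
            UserName    = $user
            Id          = [int]$mid[-1]
            State       = @($line.Substring($sCol).Trim() -split '\s+')[0]
        }
    }
}

function Reset-RdsUserSession {
    param([string]$Server, [string]$UserName)
    # Refuse anything outside the delegated scope before touching the network.
    if ($AllowedServers -notcontains $Server) { throw "Server '$Server' is not delegated" }
    if ($UserName -notmatch '^[\w.\- ]{1,20}$') { throw 'Invalid user name' }

    $out = & qwinsta.exe "/server:$Server"
    if ($LASTEXITCODE -ne 0) { throw "qwinsta failed on $Server" }

    # Match on user name only; the ID bounds also exclude session 0 and listeners.
    $targets = @(ConvertFrom-Qwinsta $out | Where-Object {
        $_.UserName -eq $UserName -and $_.Id -gt 0 -and $_.Id -lt 65536 })
    foreach ($s in $targets) {
        & rwinsta.exe $s.Id "/server:$Server"
        # Emit an audit line naming the operator, the session and the target server.
        Write-Output ("{0} reset session {1} ({2}) on {3}" -f $env:USERNAME, $s.Id, $UserName, $Server)
    }
}
```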