I am company that I moonlight for is starting a merger that is likely to get ugly. The current “administrator” likes to log on to the terminal server and watch other peoples sessions. None of the users care for this so I would like to set a registry setting or GPO in a manner that this guy can’t do that anymore.
I know that there is a setting per user profile that requires permission to interact with the terminal session but that can just be turned off.
The guy will be getting let go in the near future but in the mean time is there something I can do about this? It is a touchy situation so I can’t just go changing admin passwords and locking him out yet.
Does anybody know of a way that I could adjust a registry setting or set a GPO for this, then change the permissions so that the administrator account can’t reverse it?