Friday, April 15, 2011

Plug the Remote Administration security hole (Windows XP/Server 2003)

The Remote Desktop server feature built into Windows XP and Server 2003 is a great convenience, but if it isn’t properly managed, it can serve as a "weak link" where a hacker can get in. That can be disastrous.

If you don't need to access the desktop of a system remotely, make sure you disable Remote Desktop on the Remote tab of the System applet in Control Panel. If you do enable Remote Desktop, you can control which users can log on remotely by configuring membership in the Remote Desktop Users group.

Note that administrators are able to log on remotely even if they aren’t explicitly added to the group. To change this, you'll need to edit the local security policy. In the right pane of the MMC, under Local Policies, click User Rights Assignment. In the right pane, double-click the Allow Logon Through Terminal Services policy. Then select Administrators and click Remove.
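To confirm the three settings above from a command prompt, the following batch file is an added example, not part of the original post. It assumes an administrator prompt; the registry value `fDenyTSConnections`, the right name `SeRemoteInteractiveLogonRight`, the Administrators SID `S-1-5-32-544` and the temporary file name are not from the post.

```bat
@echo off
rem Added example: audit the Remote Desktop settings described in the post.
rem Run from an administrator command prompt on Windows XP / Server 2003.
setlocal

set "TSKEY=HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server"
rem Temporary file name chosen for this example
set "CFG=%TEMP%\rd-user-rights.inf"

echo [1] Remote Desktop state:
rem fDenyTSConnections: 0x1 = Remote Desktop disabled, 0x0 = enabled
reg query "%TSKEY%" /v fDenyTSConnections | findstr /i "0x1" >nul
if errorlevel 1 (
    echo     ENABLED - turn it off on the Remote tab if it is not needed
) else (
    echo     disabled
)

echo [2] Members of the Remote Desktop Users group:
net localgroup "Remote Desktop Users"

echo [3] Accounts holding "Allow log on through Terminal Services":
rem Export only the user-rights section of the local security policy
secedit /export /cfg "%CFG%" /areas USER_RIGHTS >nul
rem The export is a Unicode file; piping it through "type" lets findstr read it
type "%CFG%" | findstr /i "SeRemoteInteractiveLogonRight"

rem Assumption: the built-in Administrators group is exported as its
rem well-known SID, *S-1-5-32-544, rather than by name
type "%CFG%" | findstr /i "SeRemoteInteractiveLogonRight" | findstr /c:"S-1-5-32-544" >nul
if errorlevel 1 (
    echo     Administrators are NOT in the policy
) else (
    echo     Administrators are still allowed to log on remotely
)

del "%CFG%"
endlocal
```

The script only reads settings; make any changes through the Remote tab and the local security policy as described above, then run it again to verify the result.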
