Solved

Setting a domain level group policy to enable remote control for all desktops

Posted on 2008-10-21
11
1,008 Views
Last Modified: 2012-05-05
I would like to set a domain level group policy that enables remote desktop on all PC's connected to the domain on a SBS 2003 server.
0
Comment
Question by:JackAitken
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 4
11 Comments
 
LVL 13

Expert Comment

by:SagiEDoc
ID: 22773538
As far as I am aware this is set under computer's and users on the properties of the user under the remote control tab.
0
 
LVL 39

Expert Comment

by:Philip Elder
ID: 22773539
The http://connectcomputer wizard does this out of the box during the workstation configuration.
Philip
0
 
LVL 39

Expert Comment

by:Philip Elder
ID: 22773547
Are your users local admins? If they are, they can log on via the Remote Web Workplace.
You can manually enable the Remote Connection in the My Computer properties --> Remote tab. Then add any domain users to the Remote Desktop Users group on the local machine.
Otherwise, you will need to modify GPOs and setup others to get things done ... which defeats the purpose since SBS has all that setup for you already.
Philip
0
Business Impact of IT Communications

What are the business impacts of how well businesses communicate during an IT incident? Targeting, speed, and transparency all matter. Find out more in this infographic.

 

Author Comment

by:JackAitken
ID: 22776551
Thanks for the comments, but I know how to set it up manually.  What I would like to do is set a group policy that enables remote desktop on the PC's automatically so when a PC is added to the domain, it doesn't have to be set manually, the group policy takes care of it.

Thanks
0
 
LVL 39

Accepted Solution

by:
Philip Elder earned 500 total points
ID: 22777575
SBS has this built-in by default. When the http://ConnectComputer wizard is used to connect the computer to the domain, you choose the users that are going to be on the system. Once the wizard completes the install routine, those users are able to RDP via RWW or VPN or LAN.
Philip
0
 

Author Comment

by:JackAitken
ID: 22777644
I'll need to try the connectcomputer option.  I've never used that option before.  I'll look it up.  

On existing servers, and Windows2003 non SBS domains, what would be the solution using group policy?

Thanks
0
 
LVL 39

Expert Comment

by:Philip Elder
ID: 22777909
Enable the logon via Terminal Services in your default domain policy. Add your domain users to the local computer's Remote Desktop Users group.
Not a good idea on the SBS domain because that will mess things up even more.
Philip
0
 

Author Comment

by:JackAitken
ID: 22885984
Sorry for the delayed response.  I'm short handed and have been burried.  Philip, why would setting a group policy defaulting to enabled remote control on the PC mess things up in an SBS environment.

Thanks
0
 
LVL 39

Expert Comment

by:Philip Elder
ID: 22886779
Jack,
Because SBS has everything setup for you by default. Use the wizards, follow the SBS best practices and things work.
Don't follow them, make changes with the various components, and things break.
Philip
0
 

Author Closing Comment

by:JackAitken
ID: 31508620
Using connectcomputer only assigns the 1 user that was specifed when creating the package.  I now have Kaseya and connect with KVNC, and then run a script to enable remote connections.

Thanks
0
 
LVL 39

Expert Comment

by:Philip Elder
ID: 24370801
The script works, but if you choose the option to set multiple users in the ConnectComputer wizard and authenticate with the domain admin credentials, then any number of users can be allowed to RDP in.

Philip
0

Featured Post

Edgartown IT Case Study

Learn about Edgartown's quest to ensure the safety and security of the entire town's employee and citizen data. Read the case study!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question