• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 345
  • Last Modified:

Can i use group policy to allow remote access?

I have created an OU called LabUsers under domain.local in ADUC. I have added half a dozen users into this OU. I want all the users to be able to access other PC's on the network. At the moment when a user tries to access another machine remotely there is a warning stating "To log on to this remote computer you must be granted the allow logon through terminal services right" I've been exploring two ways around this. 1st way was to create a GP on the LabUsers OU allowing remote access. The second was was to create a security group which is a member of RemoteDesktopUsersGroup and make all my users members of that group. That didnt seem to work either? Can anyone help me?
Thanks
0
Jonesey007
Asked:
Jonesey007
  • 7
  • 4
  • 3
1 Solution
 
Jonesey007Author Commented:
Hi thanks for the quick reply, i have read both the articles. When im logged in as Administrator i can remote access Server2 fine so that proves its enabled. The first document says the users need to be members of RemoteDesktopUsersGroup which makes sense. I added them to this group but still no luck? any more ideas?
0
 
Jonesey007Author Commented:
Is it possible that there might be a substantial delay between when i add the users to the group and when they can logon remotely? or should it be straight away because the machines are in the same domain?

Thanks
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
speshalystCommented:
can you grant remote control access explicitly to one user from the LAbusers OU on a problem Pc ?  
 
0
 
Mike KlineCommented:
If you add a user to the remotedesktop users group on a server that user still can't access the PC remotely
0
 
speshalystCommented:
i dont see why there should be delay ...  unless these are spread across different sites or something like that ..
 
0
 
Jonesey007Author Commented:
This is not going well. Im testing this with two machines. One is going to be my Exchange server and is headless. The second is my DC. So far i've been trying to remote access the Exchange machine, now ive just logged out of the Admin account on the DC and tried to login as one of the new users and im getting another message, this time stating "The local policy on this system does not allow login interactivley"?? Is there something fundamentally wrong with my users?? all i did was create an ou and create the users in there

Thanks again for all the help
0
 
Mike KlineCommented:
Ok didn't realize it was a domain controller.
There is a user rights assignment called "Allow logon on through Terminal Services"
Computer Configuration | Windows Settings | Security Settings | Local Policies | User Rights Assignment
Allow logon on through Terminal Services
On domain controllers only Administrators have that right.
You can modify that but I'd be weary of letting non admins log into a DC.
Thanks
Mike
0
 
Jonesey007Author Commented:
Thanks for the reply. I am logging into the DC as an Administrator, i then open RemoteDesktop and try to logon to the 2nd server (not a dc) with a new user (rob) i created. I just made an OU called LabComputers and moved the 2nd server into the OU, i then created a RemoteAccess GPO linked to the LabComputers OU which added my Rob user to Computer Configuration | Windows Settings | Security Settings | Local Policies | User Rights Assignment Allow Logon through Terminal Services.

I think this is what you suggested but im still having no luck
0
 
Mike KlineCommented:
is the "rob user" a member of the remote desktop users group on the 2nd server (I'm assuming just a member server)
 
 
0
 
Jonesey007Author Commented:
Yes he is, in his Member Of tab it says
Domain Users                     domain.local/Users
Remote Desktop Users      domAIN.LOCAL/BuiltIn

Thanks
0
 
Jonesey007Author Commented:
Morning guys, any chance of abit more help with this? When i created the users i have only made them members of Remote Desktop Users, do they need to be members of anything else?

Thanks
0
 
Jonesey007Author Commented:
I've just managed to log on remotley with my Rob user. I logged onto the remote machine with Administrator, Right clicked on My Computer, went to Properties, then Remote.
In this property pane i already had Enable Remote Desktop on this machine ticked, but i just noticed another box saying "Select Remote Users" i then added Rob and he can now remote login. Is there a better way so i dont have to go around each machine and add users / groups manually?

Thanks
0
 
Mike KlineCommented:
That list is being populated by who is in the "Remote Desktop Users" group on the machine.  To test go in and add a user to that group on the machine then look in that box, user should be there.
 
Thanks
Mike
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

  • 7
  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now