granite03
asked on
Allowing users to connect using RPD on network
Hi
We are looking to implement a group policy that will allow the system administrators to log in on workstations using Domain User credentials. Currently we get the error "The local policy of this system does not permit you to logon interactively" when trying to log in.
We found that the users need to be part of the Local Admin group of the machine to be able to connect which is as a security measure, we would not like them to have.
What I would like to know is if it is possible to make system wide changes to allow logging on remotely to using users credentials without upgrading their security rights? Is there a group policy option that will allow this?
Many thanks
We are looking to implement a group policy that will allow the system administrators to log in on workstations using Domain User credentials. Currently we get the error "The local policy of this system does not permit you to logon interactively" when trying to log in.
We found that the users need to be part of the Local Admin group of the machine to be able to connect which is as a security measure, we would not like them to have.
What I would like to know is if it is possible to make system wide changes to allow logging on remotely to using users credentials without upgrading their security rights? Is there a group policy option that will allow this?
Many thanks
Ensure Domain\Users are listed under remote desktop users on the desktop in question
Better yet add the users that need to connect to the "remote desktop users" group - that will give them the permisisons they need to connect without having admin permissions.
Better yet add the users that need to connect to the "remote desktop users" group - that will give them the permisisons they need to connect without having admin permissions.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
or link gpo to the computer ou of your workstations
ASKER
BarepAssets, I have added the domain\users group to the gpo of the workstations. Now when I log in, I get a new error message "you do not have access to logon to this session"
The users have already been set as member of the "remote desktop users" on the domain, I know by adding the domain\users as a member of the local machine's "remote desktop users" will solve the issue but is there any other way? Especially one that involves making system wide changes and not having to go to each machine locally or connect to it remotely as an admin to make the changes? A gpo object would be perfect in this scenario, if such a thing exists.
The users have already been set as member of the "remote desktop users" on the domain, I know by adding the domain\users as a member of the local machine's "remote desktop users" will solve the issue but is there any other way? Especially one that involves making system wide changes and not having to go to each machine locally or connect to it remotely as an admin to make the changes? A gpo object would be perfect in this scenario, if such a thing exists.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
All three solutions had an equally helping hand
If getting this when connecting with mstsc.exe, it's a sign of using /admin parameter (/console in earlier versions) connecting to the console session.