Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Cannot add Domain Group to local Remote Desktop Users group

Posted on 2011-03-18
2
Medium Priority
?
2,061 Views
Last Modified: 2012-05-11
We have an issue where we cannot add any domain groups to the local Remote Desktop Users group on our Server 2008 R2 Enterprise remote desktop server.

I had created a new group in AD called RemoteConnect and put the Domain Admins group in this security group.

I then tried adding this group to the Remote Desktop Users and an error comes up saying "RemoteConnect already a part of the Remote Desktop Users group."

When I try to add the domain users or domain admins group directly into the Remote Desktop Users group it comes up with the same thing: "Domain Admins group already a part of the Remote Desktop Users group."

It is not - the only group in the Remote Desktop Users group is the local administrator.

From my experience it seems as though the groups are not being truly recognized by the Terminal Server machine as when the group is added to the RSU group it is followed by a group of numbers, I.E. [domain]\Domain Users (S-1-5-21-3964760088-388....).

I am saying this because recently we changed the NetBIOS name of our domain from hairylemon0 to hairylemon, although this was done BEFORE this new terminal server was connected to the domain.

I have also tried adding the group directly into TS_CAP_01, when I try to add the RemoteConnect group or the Domain admins group it doesn't even show up in the list, when I try to add the domain users group it comes up in the list as "[servername]\None"

I have added the RemoteConnect group to the "Local Policies -> User Rights Assignments -> Allow Logon through remote desktop services" policy - this has not allowed the Domain Admins to log on.

Any help would be appreciated.
0
Comment
Question by:lemonville
2 Comments
 
LVL 4

Accepted Solution

by:
rjpilcher earned 2000 total points
ID: 35170236
Domain Admins are granted this right by default.

Have a look at this:

How to add a domain group to the Remote Desktop Users group by using Group Policy
Open the Group Policy Management Console (GPMC). To do this, click Start, click Run, type GPMC.msc, and then press ENTER.
Create and link a GPO that is named Restricted Groups to the terminal server organizational unit (OU).
Right-click the Restricted Groups GPO that is linked to the terminal server OU, and then click Edit.
Configure the Restricted Groups setting in the following location in Group Policy Object Editor:
Computer Configuration\Windows Settings\Security Settings\Restricted Groups\
Right-click Restricted Groups, and then click Add Group.
Click Browse, click Locations, select the locations that you want to browse, and then click OK.
Type Remote Desktop Users in the Enter the object names to select box, and then click Check Names. Or, click Advanced, and then click Find Now to list all available groups.
Click the Remote Desktop Users group, and then click OK.
In the Add Groups dialog box, click OK to close it.

The Remote Desktop Users Properties dialog box opens.
In the Members of this group section, click Add.
Click Browse.
In the Select Users or Groups dialog box, type the name of the domain group.
Click Check Names, and then click OK to close the dialog box.
Click OK to close the dialog box and to finish adding the domain group to the Remote Desktop Users group.
0
 
LVL 1

Author Comment

by:lemonville
ID: 35176965
Thanks rjpilcher I think thats done the trick.
0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
Working from home is a dream for many people who aren’t happy about getting up early, going to the office, and spending long hours at work. There are lots of benefits of remote work for employees.
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

572 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question