Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Cannot add Domain Group to local Remote Desktop Users group

Posted on 2011-03-18
2
Medium Priority
?
2,018 Views
Last Modified: 2012-05-11
We have an issue where we cannot add any domain groups to the local Remote Desktop Users group on our Server 2008 R2 Enterprise remote desktop server.

I had created a new group in AD called RemoteConnect and put the Domain Admins group in this security group.

I then tried adding this group to the Remote Desktop Users and an error comes up saying "RemoteConnect already a part of the Remote Desktop Users group."

When I try to add the domain users or domain admins group directly into the Remote Desktop Users group it comes up with the same thing: "Domain Admins group already a part of the Remote Desktop Users group."

It is not - the only group in the Remote Desktop Users group is the local administrator.

From my experience it seems as though the groups are not being truly recognized by the Terminal Server machine as when the group is added to the RSU group it is followed by a group of numbers, I.E. [domain]\Domain Users (S-1-5-21-3964760088-388....).

I am saying this because recently we changed the NetBIOS name of our domain from hairylemon0 to hairylemon, although this was done BEFORE this new terminal server was connected to the domain.

I have also tried adding the group directly into TS_CAP_01, when I try to add the RemoteConnect group or the Domain admins group it doesn't even show up in the list, when I try to add the domain users group it comes up in the list as "[servername]\None"

I have added the RemoteConnect group to the "Local Policies -> User Rights Assignments -> Allow Logon through remote desktop services" policy - this has not allowed the Domain Admins to log on.

Any help would be appreciated.
0
Comment
Question by:lemonville
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 4

Accepted Solution

by:
rjpilcher earned 2000 total points
ID: 35170236
Domain Admins are granted this right by default.

Have a look at this:

How to add a domain group to the Remote Desktop Users group by using Group Policy
Open the Group Policy Management Console (GPMC). To do this, click Start, click Run, type GPMC.msc, and then press ENTER.
Create and link a GPO that is named Restricted Groups to the terminal server organizational unit (OU).
Right-click the Restricted Groups GPO that is linked to the terminal server OU, and then click Edit.
Configure the Restricted Groups setting in the following location in Group Policy Object Editor:
Computer Configuration\Windows Settings\Security Settings\Restricted Groups\
Right-click Restricted Groups, and then click Add Group.
Click Browse, click Locations, select the locations that you want to browse, and then click OK.
Type Remote Desktop Users in the Enter the object names to select box, and then click Check Names. Or, click Advanced, and then click Find Now to list all available groups.
Click the Remote Desktop Users group, and then click OK.
In the Add Groups dialog box, click OK to close it.

The Remote Desktop Users Properties dialog box opens.
In the Members of this group section, click Add.
Click Browse.
In the Select Users or Groups dialog box, type the name of the domain group.
Click Check Names, and then click OK to close the dialog box.
Click OK to close the dialog box and to finish adding the domain group to the Remote Desktop Users group.
0
 
LVL 1

Author Comment

by:lemonville
ID: 35176965
Thanks rjpilcher I think thats done the trick.
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question