Limit RDP to desktop for single user in AD

We are migrating from NT4 to AD. At the moment domain users are in the local administrators group. Due to the timescales for migration I have decided to use a restricted group and allow only the interactive user to be in the admin group. So when the user logs off they will not be able to have admin rights on the PC from a remote location. We have several developers that work in a test area; they will need to RDP to their own PC and check email, docs etc. How can I only allow that user to RDP to his/her own desktop using GPO? Is it possible?

Adam Brown, Sr Solutions Architect, Commented:
It's possible, but probably preferable to just set the groups manually on the computers, because you would need a different GPO for each computer. The Remote Desktop Users group that is on each local computer is used to control which users have Remote Desktop Access to the computer. Adding the user to that group will give them access. Having only that user in the group will set that up.
You could just set the permission on their AD account to only allow login to 'their desktop machine' and whatever one they are connecting from.  Also, add them to the RD group in AD.  I assume the clients and machines are in AD.
Sarah_Smith, Author, Commented:
@acbrown2010 : Yes I will try that, for some reason I was getting confused thinking the restricted group would overwrite the members of the RDP group. However if the RDP group is not specified in the GPO then it won't touch it. :) I'll give it a whirl...
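
Both approaches from the answers above (a local Remote Desktop Users group containing only the owner, and an AD account limited to named workstations), as an added PowerShell example that is not code from the thread's participants. The computer names, the EXAMPLE domain, the user names and the mapping are constructed placeholders; it assumes Windows PowerShell 5.1 with remoting enabled on the desktops and the RSAT ActiveDirectory module on the admin host.

```powershell
# Added example. All names below are constructed placeholders.
Import-Module ActiveDirectory

# Constructed mapping: one developer per desktop, plus the machine they connect from.
$assignments = @(
    [pscustomobject]@{ Computer = 'DEV-PC01'; User = 'EXAMPLE\jdoe';   Client = 'TEST-PC01' }
    [pscustomobject]@{ Computer = 'DEV-PC02'; User = 'EXAMPLE\asmith'; Client = 'TEST-PC02' }
)

foreach ($a in $assignments) {
    # 1) Local group: make the owner the only member of Remote Desktop Users.
    Invoke-Command -ComputerName $a.Computer -ArgumentList $a.User -ScriptBlock {
        param($Owner)
        $group = 'Remote Desktop Users'

        # Remove every current member that is not the owner.
        Get-LocalGroupMember -Group $group |
            Where-Object { $_.Name -ne $Owner } |
            ForEach-Object { Remove-LocalGroupMember -Group $group -Member $_ }

        # Add the owner only if not already present (Add-LocalGroupMember errors on duplicates).
        if (-not (Get-LocalGroupMember -Group $group | Where-Object { $_.Name -eq $Owner })) {
            Add-LocalGroupMember -Group $group -Member $Owner
        }

        # Return the resulting membership so the change can be reviewed.
        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            RdpUsers = (Get-LocalGroupMember -Group $group).Name -join ', '
        }
    }

    # 2) AD account: allow logon only to the user's own desktop and the
    #    machine they connect from (the "Log On To..." list on the account).
    $sam = ($a.User -split '\\')[-1]          # EXAMPLE\jdoe -> jdoe
    Set-ADUser -Identity $sam -LogonWorkstations "$($a.Computer),$($a.Client)"
}
```

Members of the local Administrators group hold the Remote Desktop logon right by default as well, so review that group alongside Remote Desktop Users when checking who can connect.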

Question has a verified solution.
