I created a group policy which I thought would add a group to the Remote Desktop Users on all servers and Allow log on through Terminal Services for group (ISADMIN). I created a new GPO (RemoteDesktopUsers-Servers) and assigned the following settings
1) Computer Configuration-->Policies-->Windows Settings-->Security Settings --> Local Policies/User Rights Assignment --> Policy Setting
Allow log on through Terminal Services = DomainName\ISADMINS
Allow users to connect remotely using Remote Desktop Services = Enabled
3) Preferences--> Control Panel Settings --> Local Users and Groups --> Group
(Name: Remote Desktop Users (built-in))
Remote Desktop Users (built-in) (Order: 1)
Group name Remote Desktop Users (built-in)
Delete all member users Disabled
Delete all member groups Disabled
See attached policy export.
After this policy was applied to Domain Controllers and our Servers OUs the Domain Administrator was unable to log into the DCs unless added to the ISAdmin group and only the ISAdmin security group was left or shown under the Local Policies on those domain controllers and servers. The Domain Admin could still log into the other member servers without joining the ISadmins group however.
Does this policy somehow delete or break the Adminsitrators and Remote Desktop Users Builtin groups permissions to RDP to the DCs and servers? Do I need to explicitly specify the Administrators and Remote Desktop Users built-ins in the Allow Log On Through Terminal Services and Remote Desktop Users - Local Groups?
Mixed Environment PDC = 2012DC, DCs are 2008, 2008R2 and 2003R3, Member servers are also same mix of 2012DC, 2012, 2008, 2008R2 and 2003R2. Functional Level of forest and domain is 2003. Recently Promoted 2012DC and assigned all roles.
Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller.
Log onto the new domain controller with a user account t…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource.
Use Google, Bing, or other preferred search engine to locate trusted NTP …