Solved

remote access on all systems to backup operators

Posted on 2013-06-25
7
1,034 Views
Last Modified: 2013-11-21
Hi Experts,
Is there a way thru which i can allow "backup operator" group members RDP access on all domain computers/servers ?

i tried to make them members of "remote desktop users" builtin group but that didnt work.


we are running AD on 2008 R2.
0
Comment
Question by:pdixit1977
7 Comments
 
LVL 16

Accepted Solution

by:
ThinkPaper earned 150 total points
ID: 39276288
Are you doing any of this through Group Policy?

There are settings to allow Terminal Services:
Computer Configuration/Policies/Windows Settings/Security SEttings/Local Policies/User Rights Assignment

Allow log on through Terminal Services
Deny Log on through Terminal Services
0
 

Author Comment

by:pdixit1977
ID: 39277832
thanks but "Allow log on through Terminal Services" is automatically  assign when a user added to "remote desktop users" built in AD group than why i need to setup this group policy separately.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 39293478
The backup operators group needs to be added to the remote desktop user's group on each PC.  You might want to test it on one.  To do this through group policy you need to make use of "restricted groups".  This will replace the members of the local Administrators group so be careful how you use it , as you can lock yourself out.  I recommnd applying the policy only to member computers and not servers.

From an older post of mine.  The links are older but still apply.  You can also do it with a script, let me know if you want details.

"Restricted Groups" is designed specificaly for this purpose. It lets you create a group of users that will be members of the local (Pc's) admin group, but not domain admins. When setting it up be careful as it can replace all local admins (except the default administrator account) and if you haven't added your account or a group to which you belong, you could be locked out. Also, make sure you only apply it to a computer OU, i.e. make sure you do not apply it to your Domain Controllers.
http://www.frickelsoft.net/blog/?p=13
There are some TouTube vieos on this as well
http://www.google.ca/#hl=en&q=2008+restricted+groups&gs_sm=e&gs_upl=37653l44242l0l44456l23l17l0l6l6l0l472l3384l0.7.8.0.1l22l0&um=1&ie=UTF-8&tbo=u&tbm=vid&source=og&sa=N&tab=wv&bav=on.2,or.r_gc.r_pw.,cf.osb&fp=89c4b17b97ea8f9d&biw=1449&bih=743
0
 
LVL 18

Assisted Solution

by:irweazelwallis
irweazelwallis earned 100 total points
ID: 39293492
adding them to remote desktop users will only work if the local groups on the servers and the settings for "allow log on through terminal services"

as said by "ThinkPaper" group policy can amend this group and the settings that use this group via group policy. If you do this that way every time it refreshes group policy it ensure the group membership and local right are assigned correctly.

Without using group policy or local policies that are checked and maintained someone can change this settings and revoke access until someone checks and sets it back
0
 

Author Closing Comment

by:pdixit1977
ID: 39311066
thanks
0

Featured Post

U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question