Solved

remote access on all systems to backup operators

Posted on 2013-06-25
7
1,044 Views
Last Modified: 2013-11-21
Hi Experts,
Is there a way thru which i can allow "backup operator" group members RDP access on all domain computers/servers ?

i tried to make them members of "remote desktop users" builtin group but that didnt work.


we are running AD on 2008 R2.
0
Comment
Question by:pdixit1977
7 Comments
 
LVL 16

Accepted Solution

by:
ThinkPaper earned 150 total points
ID: 39276288
Are you doing any of this through Group Policy?

There are settings to allow Terminal Services:
Computer Configuration/Policies/Windows Settings/Security SEttings/Local Policies/User Rights Assignment

Allow log on through Terminal Services
Deny Log on through Terminal Services
0
 

Author Comment

by:pdixit1977
ID: 39277832
thanks but "Allow log on through Terminal Services" is automatically  assign when a user added to "remote desktop users" built in AD group than why i need to setup this group policy separately.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 39293478
The backup operators group needs to be added to the remote desktop user's group on each PC.  You might want to test it on one.  To do this through group policy you need to make use of "restricted groups".  This will replace the members of the local Administrators group so be careful how you use it , as you can lock yourself out.  I recommnd applying the policy only to member computers and not servers.

From an older post of mine.  The links are older but still apply.  You can also do it with a script, let me know if you want details.

"Restricted Groups" is designed specificaly for this purpose. It lets you create a group of users that will be members of the local (Pc's) admin group, but not domain admins. When setting it up be careful as it can replace all local admins (except the default administrator account) and if you haven't added your account or a group to which you belong, you could be locked out. Also, make sure you only apply it to a computer OU, i.e. make sure you do not apply it to your Domain Controllers.
http://www.frickelsoft.net/blog/?p=13
There are some TouTube vieos on this as well
http://www.google.ca/#hl=en&q=2008+restricted+groups&gs_sm=e&gs_upl=37653l44242l0l44456l23l17l0l6l6l0l472l3384l0.7.8.0.1l22l0&um=1&ie=UTF-8&tbo=u&tbm=vid&source=og&sa=N&tab=wv&bav=on.2,or.r_gc.r_pw.,cf.osb&fp=89c4b17b97ea8f9d&biw=1449&bih=743
0
 
LVL 18

Assisted Solution

by:irweazelwallis
irweazelwallis earned 100 total points
ID: 39293492
adding them to remote desktop users will only work if the local groups on the servers and the settings for "allow log on through terminal services"

as said by "ThinkPaper" group policy can amend this group and the settings that use this group via group policy. If you do this that way every time it refreshes group policy it ensure the group membership and local right are assigned correctly.

Without using group policy or local policies that are checked and maintained someone can change this settings and revoke access until someone checks and sets it back
0
 

Author Closing Comment

by:pdixit1977
ID: 39311066
thanks
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
This article outlines the process to identify and resolve account lockout in an Active Directory environment.
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question