Solved

RDC into Windows 7 Pro PC that is member of Server 2012 Standard domain using domain credentials

Posted on 2013-11-11
Last Modified: 2013-11-12
I have a Windows 7 Professional application server that is a member of a Server 2012 Standard domain.

I would like to RDP into the Windows 7 computer using the Active Directory credentials to establish the RDP session. Will this work, and what syntax do I need to use in the RDP connection?
Question by:jaymv
14 Comments
 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 39640822
Enable remote access in the Windows 7 computer's System control panel. Then you can connect to it. It's that simple. If you want to connect from outside the office, the intelligent thing would be to set up DirectAccess on the remote clients or a VPN (cheaper).
0
 
LVL 9

Expert Comment

by:tsaico
ID: 39640827
If you are in a domain, you will also have to make sure the user in question is in the Remote Desktop Users group. Windows should open the RDP port (3389) in the firewall if you enable it in the advanced options, but it doesn't hurt to check.

Also, if it is just for internal use, you are done, but if you are trying to do this from external, you will also want to forward the port from your WAN side to the internal IP of your computer in question. Since you most likely will have RDP to a different machine, you may also want to have the machine listen on a custom RDP port, open that on the software firewall, and then forward that port to the machine in question.
0
 
LVL 19

Expert Comment

by:Kash
ID: 39641201
The above options are all valid and will work.

You can also use logmein.com and/or TeamViewer etc., which do a really good job.
0
 
LVL 53

Expert Comment

by:McKnife
ID: 39641310
Maybe you would also like to configure single sign on?
See http://blogs.msdn.com/b/rds/archive/2007/04/19/how-to-enable-single-sign-on-for-my-terminal-server-connections.aspx - this is of course also possible with win7.
0
 

Author Comment

by:jaymv
ID: 39641798
I just really need to know if the RDP session will forward the AD credential over and authenticate the user on the Windows 7 box with their AD sign-on. And what is the syntax of how the user should log in in the RDP connection box? Would it be Domain/username:port# (not using the standard RDP port of 3389)?
0
 
LVL 53

Expert Comment

by:McKnife
ID: 39641909
Syntax? Use the Remote Desktop client mstsc.exe
About credential forwarding: You read my link? That's it.
0
 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 39642511
The RDP session is JUST LIKE sitting in front of the computer.  You log in exactly the same way.

You don't specify ports for login, you specify them for connection.
0
 

Author Comment

by:jaymv
ID: 39642877
Sorry to be vague

Well, I am on site now and, just as I suspected (which is why I posted this question), I cannot establish an RDP connection to the Windows 7 desktop, which is a member of the domain, using Active Directory credentials. When I try to connect to the Windows 7 desktop with the AD credentials I get "the connection was denied because of the user account is not authorized for remote login". In Active Directory on the DC the user is a member of the remote desktop connection group. That user account is not present locally on the Windows 7 box, since I don't want to have to maintain a second database of usernames and passwords locally on the Windows 7 box. I want the domain credentials to be used for connecting to the Windows 7 box.
0
 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 39642896
So your settings appear to indicate the user can connect to the server, but not the Windows 7 system.  Look at the local groups on the Windows 7 system.  Are they in any of those?
0
 
LVL 53

Expert Comment

by:McKnife
ID: 39642904
The group in AD is by default NOT part of any clients' remote desktop authorized group.
Simply use Restricted Groups to deploy it to your liking: for example, put the group Domain Users into the local group Remote Desktop Users. Be aware what that would mean: any domain user may RDP into any computer the policy applies to (if, yes if he is allowed to log on to that workstation - that is a different privilege).
0
 
LVL 9

Assisted Solution

by:tsaico
tsaico earned 500 total points
ID: 39642931
McKnife is correct, the remote desktop users group is only present by default if you are running a SBS network.  Otherwise, you will need to make the Group Policy to enable it.

So, you will need to
1. (On server)Create the GPO as described here and push to your workstations.
http://blogs.technet.com/b/askperf/archive/2011/09/09/allow-logon-through-terminal-services-group-policy-and-remote-desktop-users-group.aspx
2. (On server) Add your users to the group you put in your GPO as being able to remote into the workstations.
3. (On workstation) If using a custom port number for a specific computer (don't forget to open the port in the software firewall too), as described here
http://social.microsoft.com/Forums/en-US/4e7bd341-38d9-42b6-9265-c6952dc3cdc3/add-a-new-rdp-listening-port-howto?forum=whssoftware
4. (From your workstation) Test from an internal workstation that RDP is working on your port, using the AD credentials. (Also, don't forget, Windows 7 requires you to enter your domain as part of the user name, otherwise it will try a local account, so "domain\user" format.)
5. (Probably from your workstation) Update the WAN firewall to forward your custom port, then I test by using an online port scanner like http://www.t1shopper.com/tools/port-scan/

You also do not want your users to use a local account since it will also be a separate profile, and if they are like my users, they will leave themselves logged in, which in Windows 7 will prompt the user to allow someone to force log them out, and then finally allow the remote to log in. Which if no one is there to click "ok", then you get nothing in the remote session.
0
 
LVL 9

Accepted Solution

by:tsaico
tsaico earned 500 total points
ID: 39642946
Oh, you can also manually put the user in question into the local workstation group by going to System properties, then Remote settings (tab), then Select Users (button), then adding your user/group in question. I like the GPO way better, so I can do all of the workstations at the same time.

You can technically do the firewall and the custom RDP port through GPO also, but it can be a pain to make sure they are applying correctly.
0
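As an added example (not code from any poster in this thread): a PowerShell check to run on the Windows 7 workstation that reports the three things the answers above turn on, namely whether Remote Desktop is enabled, which port it listens on, and whether the domain group is a direct member of the local Remote Desktop Users group. `CONTOSO\RDP-Workstation-Users` is a placeholder group name, and the script assumes an English-language Windows where the local group is called "Remote Desktop Users".

```powershell
# Run from an elevated PowerShell prompt on the Windows 7 workstation.
# Placeholder (assumption): the domain group that should be allowed to RDP in.
$DomainGroup = 'CONTOSO\RDP-Workstation-Users'

$ts = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'

# fDenyTSConnections: 0 = Remote Desktop enabled, 1 = connections refused
$deny = (Get-ItemProperty -Path $ts).fDenyTSConnections
# PortNumber: the listener port, 3389 unless it was changed
$port = (Get-ItemProperty -Path "$ts\WinStations\RDP-Tcp").PortNumber

# Direct members of the local "Remote Desktop Users" group (WinNT ADSI provider,
# which also works on the PowerShell 2.0 that ships with Windows 7).
$group = [ADSI]"WinNT://$env:COMPUTERNAME/Remote Desktop Users,group"
$members = @($group.psbase.Invoke('Members')) | ForEach-Object {
    $path = $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
    # WinNT://CONTOSO/SomeGroup -> CONTOSO\SomeGroup
    ($path -replace '^WinNT://', '') -replace '/', '\'
}

"Remote Desktop enabled : $($deny -eq 0)"
"RDP listening port     : $port"
"Remote Desktop Users   : $(if ($members) { $members -join ', ' } else { '(empty)' })"

if ($members -contains $DomainGroup) {
    "$DomainGroup is already authorized for remote logon."
} else {
    "$DomainGroup is NOT in the local group; expect the 'not authorized for remote login' error."
    # One-off local fix; the GPO (Restricted Groups) route does the same for many machines.
    # Prefer a dedicated group over Domain Users, which would let every domain user in.
    # net localgroup "Remote Desktop Users" $DomainGroup /add
}

# From the client: the port belongs to the connection target, the domain to the user name.
"Connect with: mstsc /v:$($env:COMPUTERNAME):$port   and log on as CONTOSO\<user>"
```

The membership test covers direct members only; a user who reaches the local group through nested domain groups, or who is a local administrator, can still log on even when the script reports the group as missing.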
 

Author Comment

by:jaymv
ID: 39642982
Thanks to all of you
0
 
LVL 53

Expert Comment

by:McKnife
ID: 39642998
Thanks to all, points to one. Why?
0
