Solved

RDC into Windows 7 Pro PC that is a member of a Server 2012 Standard domain using domain credentials

Posted on 2013-11-11
Last Modified: 2013-11-12
I have a Windows 7 Professional application server that is a member of a Server 2012 Standard domain.

I would like to RDP into the Windows 7 computer using the Active Directory credentials to establish the RDP session. Will this work, and what syntax do I need to use in the RDP connection?
Question by:jaymv
 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 39640822
Enable remote access in the Windows 7 computer's System control panel. Then you can connect to it. It's that simple. If you want to connect from outside the office, the intelligent thing would be to set up DirectAccess on the remote clients or a VPN (cheaper).
 
LVL 9

Expert Comment

by:tsaico
ID: 39640827
If you are in a domain, you will also have to make sure the user in question is in the Remote desktop users group also.  Windows should open the RDP port (3389) in the firewall, if you enable it in the advanced options, but it doesn't hurt to check.

Also, if it is just for internal use, you are done, but if you are trying to do this from external, you will want to also forward the port from your WAN side to the internal IP of your computer in question. Since you most likely will have RDP to a different machine, you may also want to have the machine listen on a custom RDP port, open that on the software firewall, and then forward that port to the machine in question.
 
LVL 19

Expert Comment

by:Kash
ID: 39641201
The above options are all valid and will work.

You can also use logmein.com and/or TeamViewer etc., which do a really good job.
 
LVL 53

Expert Comment

by:McKnife
ID: 39641310
Maybe you would also like to configure single sign on?
See http://blogs.msdn.com/b/rds/archive/2007/04/19/how-to-enable-single-sign-on-for-my-terminal-server-connections.aspx - this is of course also possible with win7.
 

Author Comment

by:jaymv
ID: 39641798
I just really need to know if the RDP session will forward the AD credential over and authenticate the user on the Windows 7 box with their AD sign-on. And what is the syntax of how the user should log in? In the RDP connection box, would it be Domain/username:port# (not using the standard RDP port of 3389)?
 
LVL 53

Expert Comment

by:McKnife
ID: 39641909
Syntax? Use the Remote Desktop client mstsc.exe
About credential forwarding: You read my link? That's it.
 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 39642511
The RDP session is JUST LIKE sitting in front of the computer.  You log in exactly the same way.

You don't specify ports for login, you specify them for connection.
 

Author Comment

by:jaymv
ID: 39642877
Sorry to be vague

Well, I am on site now, and just as I suspected (which is why I posted this question), I cannot establish an RDP connection to the Windows 7 desktop, which is a member of the domain, using Active Directory credentials. When I try to connect to the Windows 7 desktop with the AD credentials I get "the connection was denied because the user account is not authorized for remote login". In Active Directory on the DC the user is a member of the remote desktop connection group. That user account is not present locally on the Windows 7 box, since I don't want to have to maintain a second database of usernames and passwords locally on the Windows 7 box. I want the domain credentials to be used for connecting to the Windows 7 box.
 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 39642896
So your settings appear to indicate the user can connect to the server, but not the Windows 7 system.  Look at the local groups on the Windows 7 system.  Are they in any of those?
 
LVL 53

Expert Comment

by:McKnife
ID: 39642904
The group in AD is by default NOT part of any clients' remote desktop authorized group.
Simply use restricted groups to deploy it to your liking: for example put the group domain users into the local group remote desktop users. Be aware what that would mean: any domain user may rdp into any computer the policy applies to (if, yes if he is allowed to logon to that workstation - that is a different privilege).
 
LVL 9

Assisted Solution

by:tsaico
tsaico earned 500 total points
ID: 39642931
McKnife is correct, the remote desktop users group is only present by default if you are running a SBS network.  Otherwise, you will need to make the Group Policy to enable it.

So, you will need to:
1. (On server) Create the GPO as described here and push to your workstations.
http://blogs.technet.com/b/askperf/archive/2011/09/09/allow-logon-through-terminal-services-group-policy-and-remote-desktop-users-group.aspx
2. (On server) Add your users to the group you put in your GPO as being able to remote into the workstations.
3. (On workstation) If using a custom port number for a specific computer, (don't forget to open the port in the software firewall too) as described here
http://social.microsoft.com/Forums/en-US/4e7bd341-38d9-42b6-9265-c6952dc3cdc3/add-a-new-rdp-listening-port-howto?forum=whssoftware
4. (From your workstation) Test from an internal workstation that RDP is working on your port, using the AD credentials. (Also, don't forget, Windows 7 requires you to enter your domain as part of the user name, otherwise it will try a local account, so "domain\user" format.)
5. (Probably from your workstation) Update the WAN firewall to forward your custom port, then I test by using an online port scanner like http://www.t1shopper.com/tools/port-scan/

You also do not want your users to use local account since it will also be a separate profile, and if they are like my users, they will leave themselves logged in, which in Windows 7 will prompt the user to allow someone to force log them out, and then finally allow the remote to log in.  Which if no one is there to click "ok", then you get nothing in the remote session.
 
LVL 9

Accepted Solution

by:
tsaico earned 500 total points
ID: 39642946
Oh, you can also manually put the user in question into the local workstation group by going to System properties, then remote settings (tab), then select users (button), then adding your user/group in question. I like the GPO way better, so I can do all of the workstations at the same time.

You can technically do the firewall and the custom RDP port through GPO also, but it can be a pain to make sure they are applying correctly.
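
A check to run on the Windows 7 workstation for the "not authorized for remote login" situation in this thread. This is an added example, not code posted by any participant; `CONTOSO\RDP-Workstation-Users` and `PC01` are placeholder names, and the local group name assumes an English-language Windows install.

```powershell
# Added example: run in an elevated PowerShell prompt on the Windows 7 workstation.
# Placeholder (assumption): the AD group whose members should be allowed to RDP in.
$DomainGroup = 'CONTOSO\RDP-Workstation-Users'
$tsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'

# 1. Is Remote Desktop enabled? fDenyTSConnections: 0 = allowed, 1 = denied.
$deny = (Get-ItemProperty -Path $tsKey).fDenyTSConnections

# 2. Which TCP port does the RDP listener use? 3389 unless it was changed.
$port = (Get-ItemProperty -Path "$tsKey\WinStations\RDP-Tcp").PortNumber

# 3. Who is in the LOCAL "Remote Desktop Users" group? Membership of a
#    same-named group in AD does not count; the local group is what matters.
$group = [ADSI]"WinNT://$env:COMPUTERNAME/Remote Desktop Users,group"
$members = @($group.psbase.Invoke('Members') | ForEach-Object {
    $path = $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
    # ADsPath looks like WinNT://DOMAIN/name; show it as DOMAIN\name
    ($path -replace '^WinNT://', '') -replace '/', '\'
})

"Remote Desktop enabled : {0}" -f ($deny -eq 0)
"RDP listening port     : $port"
"Local group members    : " + ($members -join ', ')

if ($members -notcontains $DomainGroup) {
    "Domain group is not in the local group. Add it manually with:"
    "  net localgroup `"Remote Desktop Users`" `"$DomainGroup`" /add"
    "or deploy it to all workstations with a Restricted Groups GPO."
}

# The port goes with the computer name in the client, not with the user name.
# PC01 is a placeholder for the workstation's name.
"Connect with: mstsc /v:PC01:$port   and log on as DOMAIN\username"
```

Members of the local Administrators group can also connect, so an empty Remote Desktop Users list does not by itself mean nobody can log on remotely.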

Author Comment

by:jaymv
ID: 39642982
Thanks to all of you
 
LVL 53

Expert Comment

by:McKnife
ID: 39642998
Thanks to all, points to one. Why?