• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 417
  • Last Modified:

RDC into windows 7 pro PC that is member of server 2012 standard domain using domain credentals

I have a windows 7 professional application server that is a member of a server 2012 standard domain.

I would like to RDP into the windows 7 Computer using the active directory credentials to establish the RDP session will this work and what syntax to I need to use in the RDP connection?
0
jaymv
Asked:
jaymv
  • 4
  • 3
  • 3
  • +2
2 Solutions
 
Lee W, MVPTechnology and Business Process AdvisorCommented:
Enable remote access in the Windows 7 computer's System control panel.  Then you can connect to it.  It's that simple.  If you want to connect from outside the office, the intelligent thing would be to setup direct access on the remote clients or a VPN (cheaper).
0
 
tsaicoCommented:
If you are in a domain, you will also have to make sure the user in question is in the Remote desktop users group also.  Windows should open the RDP port (3389) in the firewall, if you enable it in the advanced options, but it doesn't hurt to check.

Also, if it is just for internal use, you are done, but if you are trying to do this from external, you will want to also forward the port from your WAN side to the internal IP of your computer in question.  Since you most likely will have RDP to a different machine, you may also want to have the machine listen on a custom RDP port, open that on the software firewall, and the forward that port to the machine in question.
0
 
Kash2nd Line EngineerCommented:
the above options are all valid and will work.

you can also use logmein.com and / or teamviewer etc which does a really good job.
0
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

 
McKnifeCommented:
Maybe you would also like to configure single sign on?
See http://blogs.msdn.com/b/rds/archive/2007/04/19/how-to-enable-single-sign-on-for-my-terminal-server-connections.aspx - this is of course also possible with win7.
0
 
jaymvAuthor Commented:
I just really need to know if the RDP session will forward the AD credential over and authenticate the user on with windows 7 box with there AD sign on.  And what is the syntax of how the user should login in the RDP connecton box would be Domain/username:port# (not using standard RDP port of 3389
0
 
McKnifeCommented:
Syntax? Use the remotedesktop client mstsc.exe
About credential forwarding: You read my link? That's it.
0
 
Lee W, MVPTechnology and Business Process AdvisorCommented:
The RDP session is JUST LIKE sitting in front of the computer.  You log in exactly the same way.

You don't specify ports for login, you specify them for connection.
0
 
jaymvAuthor Commented:
Sorry to be vague

Well I am on site now and just as I suspected which is why I posted this question I can not establish and RDP connection to the windows 7 Desktop which is a member of the domain using active directory credentials When I try to connect to the windows 7 desktop with the AD credentials I get "the connection was denied because of the user account is not authorized for remote login:  in active directory on the DC the user is a member of the remote desktop connection group.  That user account is not present locally on the windows 7 box since I don't want ot have to maintain a second database of usernames and passwords locally on the the windows 7 box I want the domain credentials to be used for connecting to the windows 7 box
0
 
Lee W, MVPTechnology and Business Process AdvisorCommented:
So your settings appear to indicate the user can connect to the server, but not the Windows 7 system.  Look at the local groups on the Windows 7 system.  Are they in any of those?
0
 
McKnifeCommented:
The group in AD is by default NOT part of any clients' remote desktop authorized group.
Simply use restricted groups to deploy it to your liking: for example put the group domain users into the local group remote desktop users. Be aware what that would mean: any domain user may rdp into any computer the policy applies to (if, yes if he is allowed to logon to that workstation - that is a different privilege).
0
 
tsaicoCommented:
McKnife is correct, the remote desktop users group is only present by default if you are running a SBS network.  Otherwise, you will need to make the Group Policy to enable it.

So, you will need to
1. (On server)Create the GPO as described here and push to your workstations.
http://blogs.technet.com/b/askperf/archive/2011/09/09/allow-logon-through-terminal-services-group-policy-and-remote-desktop-users-group.aspx
2. (On server) Add your users to the group you put in your GPO as being able to remote into the workstations.
3. (On workstation) If using a custom port number for a specific computer, (don't forget to open the port in the software firewall too) as described here
http://social.microsoft.com/Forums/en-US/4e7bd341-38d9-42b6-9265-c6952dc3cdc3/add-a-new-rdp-listening-port-howto?forum=whssoftware
4. (from your workstation) Test from internal workstation that RDP is working on your port, using the AD credentials.  (also, don't forget, Windows 7 requires you to enter your domain as part of the user name, otherwise it will try a local account, so "domain\user" format.
5. (probably form your workstation) Update the WAN Firewall to forward your custom port, then I test by using an online port scanner like http://www.t1shopper.com/tools/port-scan/

You also do not want your users to use local account since it will also be a separate profile, and if they are like my users, they will leave themselves logged in, which in Windows 7 will prompt the user to allow someone to force log them out, and then finally allow the remote to log in.  Which if no one is there to click "ok", then you get nothing in the remote session.
0
 
tsaicoCommented:
Oh, you can also manually put in the user in question into the local workstation group by going to System properties, then remote settings (tab), then select users (button) then adding your user/group in question.  I like the GPO way better, so I can do all of workstation at the same time.  

You can technically do the firewall and the custom RDP port through GPO also, but it can be a pain to make sure they are applying correctly.
0
 
jaymvAuthor Commented:
Thanks to all of you
0
 
McKnifeCommented:
Thanks to all, points to one. Why?
0

Featured Post

Fill in the form and get your FREE NFR key NOW!

Veeam is happy to provide a FREE NFR server license to certified engineers, trainers, and bloggers.  It allows for the non‑production use of Veeam Agent for Microsoft Windows. This license is valid for five workstations and two servers.

  • 4
  • 3
  • 3
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now