Solved

Adding group to remote desktop group

Posted on 2014-03-20
8
647 Views
Last Modified: 2014-03-28
I want to create a group in Active Directory and then give that group the ability to remote desktop into machines. Whats the best and easiest way to do this? GPO?
0
Comment
Question by:Thomas N
  • 3
  • 2
  • 2
  • +1
8 Comments
 
LVL 13

Accepted Solution

by:
Santosh Gupta earned 500 total points
ID: 39943344
Hi,
A default group is already exist in Active Directory, call "Remote desktop Users".  You can user that group.

Also if you want to create another group, create a security group and configure the following policies.
RDP
0
 
LVL 10

Expert Comment

by:0xSaPx0
ID: 39943346
GPO:
Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment.

“Allow Logon through Terminal Services”
0
 
LVL 36

Expert Comment

by:Mahesh
ID: 39943395
Default remote desktop users group in active directory will be limited to domain controllers only

You cannot use that group to logon to other machines remotely

You must create separate group and add that into above mentioned policy
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 

Author Comment

by:Thomas N
ID: 39943405
I created a security group and added it in GPO using "restricted groups". I added it to the local remote desktop group.

Does that sound right?
0
 
LVL 36

Expert Comment

by:Mahesh
ID: 39943425
What you have done is also right

But setting up allow logon through terminal services GPO is much simple and more effective as it will grant global rights to users who wanted to take RDP of client machines

Restricted group will be getting evaluated every time machine get rebooted which is according to me is more than required
0
 

Author Comment

by:Thomas N
ID: 39943431
I only want access to a certain group though. Wont this allow anyone in that OU remote desktop rights?
0
 
LVL 10

Expert Comment

by:0xSaPx0
ID: 39943460
Just create a sub OU and add the group into it and assign the GP at that level.
0
 
LVL 36

Expert Comment

by:Mahesh
ID: 39943464
those users who want access only need to be added to group and this group only need to grant logon through terminal services right
Also ensure that administrators and domain admins group will also be added in the allow logon through terminal services user right
Other wise your domain administrators and built-in administrators will face remote login issue on workstations
Also this GPO need to be applied to OU containing computers
0

Featured Post

DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

785 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question