Solved

Adding group to remote desktop group

Posted on 2014-03-20
8
646 Views
Last Modified: 2014-03-28
I want to create a group in Active Directory and then give that group the ability to remote desktop into machines. Whats the best and easiest way to do this? GPO?
0
Comment
Question by:Thomas N
  • 3
  • 2
  • 2
  • +1
8 Comments
 
LVL 13

Accepted Solution

by:
Santosh Gupta earned 500 total points
ID: 39943344
Hi,
A default group is already exist in Active Directory, call "Remote desktop Users".  You can user that group.

Also if you want to create another group, create a security group and configure the following policies.
RDP
0
 
LVL 10

Expert Comment

by:0xSaPx0
ID: 39943346
GPO:
Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment.

“Allow Logon through Terminal Services”
0
 
LVL 35

Expert Comment

by:Mahesh
ID: 39943395
Default remote desktop users group in active directory will be limited to domain controllers only

You cannot use that group to logon to other machines remotely

You must create separate group and add that into above mentioned policy
0
 

Author Comment

by:Thomas N
ID: 39943405
I created a security group and added it in GPO using "restricted groups". I added it to the local remote desktop group.

Does that sound right?
0
3 Use Cases for Connected Systems

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, testing some more, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us.

 
LVL 35

Expert Comment

by:Mahesh
ID: 39943425
What you have done is also right

But setting up allow logon through terminal services GPO is much simple and more effective as it will grant global rights to users who wanted to take RDP of client machines

Restricted group will be getting evaluated every time machine get rebooted which is according to me is more than required
0
 

Author Comment

by:Thomas N
ID: 39943431
I only want access to a certain group though. Wont this allow anyone in that OU remote desktop rights?
0
 
LVL 10

Expert Comment

by:0xSaPx0
ID: 39943460
Just create a sub OU and add the group into it and assign the GP at that level.
0
 
LVL 35

Expert Comment

by:Mahesh
ID: 39943464
those users who want access only need to be added to group and this group only need to grant logon through terminal services right
Also ensure that administrators and domain admins group will also be added in the allow logon through terminal services user right
Other wise your domain administrators and built-in administrators will face remote login issue on workstations
Also this GPO need to be applied to OU containing computers
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
A procedure for exporting installed hotfix details of remote computers using powershell
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now