• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 667
  • Last Modified:

Adding group to remote desktop group

I want to create a group in Active Directory and then give that group the ability to remote desktop into machines. Whats the best and easiest way to do this? GPO?
0
Thomas N
Asked:
Thomas N
  • 3
  • 2
  • 2
  • +1
1 Solution
 
Santosh GuptaCommented:
Hi,
A default group is already exist in Active Directory, call "Remote desktop Users".  You can user that group.

Also if you want to create another group, create a security group and configure the following policies.
RDP
0
 
0xSaPx0Commented:
GPO:
Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment.

“Allow Logon through Terminal Services”
0
 
MaheshArchitectCommented:
Default remote desktop users group in active directory will be limited to domain controllers only

You cannot use that group to logon to other machines remotely

You must create separate group and add that into above mentioned policy
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
Thomas NSystems Analyst - Windows System AdministratorAuthor Commented:
I created a security group and added it in GPO using "restricted groups". I added it to the local remote desktop group.

Does that sound right?
0
 
MaheshArchitectCommented:
What you have done is also right

But setting up allow logon through terminal services GPO is much simple and more effective as it will grant global rights to users who wanted to take RDP of client machines

Restricted group will be getting evaluated every time machine get rebooted which is according to me is more than required
0
 
Thomas NSystems Analyst - Windows System AdministratorAuthor Commented:
I only want access to a certain group though. Wont this allow anyone in that OU remote desktop rights?
0
 
0xSaPx0Commented:
Just create a sub OU and add the group into it and assign the GP at that level.
0
 
MaheshArchitectCommented:
those users who want access only need to be added to group and this group only need to grant logon through terminal services right
Also ensure that administrators and domain admins group will also be added in the allow logon through terminal services user right
Other wise your domain administrators and built-in administrators will face remote login issue on workstations
Also this GPO need to be applied to OU containing computers
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 3
  • 2
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now