Solved

Allow User Access to Collection on Windows Server 2012 Remote Desktop

Posted on 2014-09-15
9
391 Views
Last Modified: 2014-10-07
Is there a way to allow a Security Group (two people) access to just the Collection (or Quick Access Collection) of the Server Admin on a Remote Desktop, Windows Server 2012?  I was able to do it easily on 2008, but cannot figure out a way to allow these two "standard" users on the 2012, that sometimes need to provide remote support on the terminal server.  I want the users to be able to shadow or remote control another user (with the users permission).  I do NOT want these two users to be admin's.  It needs to be extremely easy for both sets of users - the helper and the one needing assistance.  Is this possible without third party software?  We have tried to put the tsadmin from 2008 on the 2012, but that did not work.
0
Comment
Question by:StephanieFoster
  • 5
  • 4
9 Comments
 
LVL 21

Accepted Solution

by:
yo_bee earned 500 total points
ID: 40325125
add them to the Local Remote Desktop Group on the server to gain access for Remote Desktop

What you are asking sounds like Remote Assistance needs to be enabled.

Is this for only a single machine or a group of machines?
If it is for a single machine I would try this:
Enabling Remote Assistance
http://msdn.microsoft.com/en-us/library/cc505914.aspx
Enable Remote Assistance > Advance > Add to people you need.
If there are multiple machines I would create a Group Policy and apply it to those machines.
Follow the section under Offering Unsolicited Remote Assistance
My Settings
0
 

Author Comment

by:StephanieFoster
ID: 40350238
Thank you.  It didn't work quite like it used to, but we'll just have to work with it.
0
 
LVL 21

Expert Comment

by:yo_bee
ID: 40351232
how did it used to work for you
0
 

Author Comment

by:StephanieFoster
ID: 40352287
They used to be able to Shadow a person (with the users permission).  Now the user that needs help has to send an email invite.    Used to be - right click on the user, remote control (or shadow now), user gives permission, helper can view or control other users screen.   Now only an administrator can shadow for some reason.  We still aren't live, so are still working out kinks, maybe that is just one kink that we haven't fully worked out yet.  

Thanks!
Stephanie
0
ScreenConnect 6.0 Free Trial

Check out the updates in one game-changing release, ScreenConnect 6.0, based on partner feedback. New features include a redesigned UI that improves session organization and overall user experience. See the enhancements for yourself!

 
LVL 21

Expert Comment

by:yo_bee
ID: 40354307
You can accomplish this by using the /offerRA switch.

From Windows (Start)  or Run type MSRA /offerRA <ComputerName> or <IP>
Goes directly to the computer
Or
Windows (Start) or Run tyoe MSRA /offerRA
Brings up a Window that allows you to type the name or ip of the computer
0
 

Author Comment

by:StephanieFoster
ID: 40364906
I might need to do another question, but just in case...

I found the following command, but each time I try to run it (administrator cmd prompt), i get a generic error:
wmic /namespace:\\root\CIMV2\TerminalServices PATH Win32_TSPermissionsSetting WHERE (TerminalName ="RDP-Tcp") CALL AddAccount "domain\security group”,2

I have put my domain and security group (even renamed it so there was no spaces).  And I still get the same error.
Stephanie
0
 
LVL 21

Expert Comment

by:yo_bee
ID: 40366440
I have never done it via Windows Management Call.  

did my switches I suggested work at all?
0
 

Author Comment

by:StephanieFoster
ID: 40366537
I couldn't get it to connect to the computer it was on.  I tested it with my own account first and I knew the name.  Kept giving me an error.  Unless I'm not supposed to be on the remote desktop?
0
 
LVL 21

Expert Comment

by:yo_bee
ID: 40366942
Did you add the user group to the GPO setting ?
What error are you getting?
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Understanding the various editions available is vital when you decide to purchase Windows Server 2012. You need to have a basic understanding of the features and limitations in each edition in order to make a well-informed decision that best suits y…
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now