Allow User Access to Collection on Windows Server 2012 Remote Desktop

Is there a way to allow a Security Group (two people) access to just the Collection (or Quick Access Collection) of the Server Admin on a Remote Desktop, Windows Server 2012?  I was able to do it easily on 2008, but cannot figure out a way to allow these two "standard" users on the 2012, that sometimes need to provide remote support on the terminal server.  I want the users to be able to shadow or remote control another user (with the users permission).  I do NOT want these two users to be admin's.  It needs to be extremely easy for both sets of users - the helper and the one needing assistance.  Is this possible without third party software?  We have tried to put the tsadmin from 2008 on the 2012, but that did not work.
StephanieFosterAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

yo_beeDirector of Information TechnologyCommented:
add them to the Local Remote Desktop Group on the server to gain access for Remote Desktop

What you are asking sounds like Remote Assistance needs to be enabled.

Is this for only a single machine or a group of machines?
If it is for a single machine I would try this:
Enabling Remote Assistance
http://msdn.microsoft.com/en-us/library/cc505914.aspx
Enable Remote Assistance > Advance > Add to people you need.
If there are multiple machines I would create a Group Policy and apply it to those machines.
Follow the section under Offering Unsolicited Remote Assistance
My Settings
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
StephanieFosterAuthor Commented:
Thank you.  It didn't work quite like it used to, but we'll just have to work with it.
0
yo_beeDirector of Information TechnologyCommented:
how did it used to work for you
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

StephanieFosterAuthor Commented:
They used to be able to Shadow a person (with the users permission).  Now the user that needs help has to send an email invite.    Used to be - right click on the user, remote control (or shadow now), user gives permission, helper can view or control other users screen.   Now only an administrator can shadow for some reason.  We still aren't live, so are still working out kinks, maybe that is just one kink that we haven't fully worked out yet.  

Thanks!
Stephanie
0
yo_beeDirector of Information TechnologyCommented:
You can accomplish this by using the /offerRA switch.

From Windows (Start)  or Run type MSRA /offerRA <ComputerName> or <IP>
Goes directly to the computer
Or
Windows (Start) or Run tyoe MSRA /offerRA
Brings up a Window that allows you to type the name or ip of the computer
0
StephanieFosterAuthor Commented:
I might need to do another question, but just in case...

I found the following command, but each time I try to run it (administrator cmd prompt), i get a generic error:
wmic /namespace:\\root\CIMV2\TerminalServices PATH Win32_TSPermissionsSetting WHERE (TerminalName ="RDP-Tcp") CALL AddAccount "domain\security group”,2

I have put my domain and security group (even renamed it so there was no spaces).  And I still get the same error.
Stephanie
0
yo_beeDirector of Information TechnologyCommented:
I have never done it via Windows Management Call.  

did my switches I suggested work at all?
0
StephanieFosterAuthor Commented:
I couldn't get it to connect to the computer it was on.  I tested it with my own account first and I knew the name.  Kept giving me an error.  Unless I'm not supposed to be on the remote desktop?
0
yo_beeDirector of Information TechnologyCommented:
Did you add the user group to the GPO setting ?
What error are you getting?
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2012

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.