Solved

Allow User Access to Collection on Windows Server 2012 Remote Desktop

Posted on 2014-09-15
9
404 Views
Last Modified: 2014-10-07
Is there a way to allow a Security Group (two people) access to just the Collection (or Quick Access Collection) of the Server Admin on a Remote Desktop, Windows Server 2012?  I was able to do it easily on 2008, but cannot figure out a way to allow these two "standard" users on the 2012, that sometimes need to provide remote support on the terminal server.  I want the users to be able to shadow or remote control another user (with the users permission).  I do NOT want these two users to be admin's.  It needs to be extremely easy for both sets of users - the helper and the one needing assistance.  Is this possible without third party software?  We have tried to put the tsadmin from 2008 on the 2012, but that did not work.
0
Comment
Question by:StephanieFoster
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
9 Comments
 
LVL 23

Accepted Solution

by:
yo_bee earned 500 total points
ID: 40325125
add them to the Local Remote Desktop Group on the server to gain access for Remote Desktop

What you are asking sounds like Remote Assistance needs to be enabled.

Is this for only a single machine or a group of machines?
If it is for a single machine I would try this:
Enabling Remote Assistance
http://msdn.microsoft.com/en-us/library/cc505914.aspx
Enable Remote Assistance > Advance > Add to people you need.
If there are multiple machines I would create a Group Policy and apply it to those machines.
Follow the section under Offering Unsolicited Remote Assistance
My Settings
0
 

Author Comment

by:StephanieFoster
ID: 40350238
Thank you.  It didn't work quite like it used to, but we'll just have to work with it.
0
 
LVL 23

Expert Comment

by:yo_bee
ID: 40351232
how did it used to work for you
0
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 

Author Comment

by:StephanieFoster
ID: 40352287
They used to be able to Shadow a person (with the users permission).  Now the user that needs help has to send an email invite.    Used to be - right click on the user, remote control (or shadow now), user gives permission, helper can view or control other users screen.   Now only an administrator can shadow for some reason.  We still aren't live, so are still working out kinks, maybe that is just one kink that we haven't fully worked out yet.  

Thanks!
Stephanie
0
 
LVL 23

Expert Comment

by:yo_bee
ID: 40354307
You can accomplish this by using the /offerRA switch.

From Windows (Start)  or Run type MSRA /offerRA <ComputerName> or <IP>
Goes directly to the computer
Or
Windows (Start) or Run tyoe MSRA /offerRA
Brings up a Window that allows you to type the name or ip of the computer
0
 

Author Comment

by:StephanieFoster
ID: 40364906
I might need to do another question, but just in case...

I found the following command, but each time I try to run it (administrator cmd prompt), i get a generic error:
wmic /namespace:\\root\CIMV2\TerminalServices PATH Win32_TSPermissionsSetting WHERE (TerminalName ="RDP-Tcp") CALL AddAccount "domain\security group”,2

I have put my domain and security group (even renamed it so there was no spaces).  And I still get the same error.
Stephanie
0
 
LVL 23

Expert Comment

by:yo_bee
ID: 40366440
I have never done it via Windows Management Call.  

did my switches I suggested work at all?
0
 

Author Comment

by:StephanieFoster
ID: 40366537
I couldn't get it to connect to the computer it was on.  I tested it with my own account first and I knew the name.  Kept giving me an error.  Unless I'm not supposed to be on the remote desktop?
0
 
LVL 23

Expert Comment

by:yo_bee
ID: 40366942
Did you add the user group to the GPO setting ?
What error are you getting?
0

Featured Post

Edgartown IT Case Study

Learn about Edgartown's quest to ensure the safety and security of the entire town's employee and citizen data. Read the case study!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will review the basic installation and configuration for Windows Software Update Services (WSUS) in a Windows 2012 R2 environment.  WSUS is a Microsoft tool that allows administrators to manage and control updates to be approved and ins…
Let’s list some of the technologies that enable smooth teleworking. 
In this Micro Tutorial viewers will learn how to restore their server from Bare Metal Backup image created with Windows Server Backup feature. As an example Windows 2012R2 is used.
In this Micro Tutorial viewers will learn how to restore single file or folder from Bare Metal backup image of their system. Tutorial shows how to restore files and folders from system backup. Often it is not needed to restore entire system when onl…

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question