Solved

Allow User Access to Collection on Windows Server 2012 Remote Desktop

Posted on 2014-09-15
9
403 Views
Last Modified: 2014-10-07
Is there a way to allow a Security Group (two people) access to just the Collection (or Quick Access Collection) of the Server Admin on a Remote Desktop, Windows Server 2012?  I was able to do it easily on 2008, but cannot figure out a way to allow these two "standard" users on the 2012, that sometimes need to provide remote support on the terminal server.  I want the users to be able to shadow or remote control another user (with the users permission).  I do NOT want these two users to be admin's.  It needs to be extremely easy for both sets of users - the helper and the one needing assistance.  Is this possible without third party software?  We have tried to put the tsadmin from 2008 on the 2012, but that did not work.
0
Comment
Question by:StephanieFoster
  • 5
  • 4
9 Comments
 
LVL 22

Accepted Solution

by:
yo_bee earned 500 total points
ID: 40325125
add them to the Local Remote Desktop Group on the server to gain access for Remote Desktop

What you are asking sounds like Remote Assistance needs to be enabled.

Is this for only a single machine or a group of machines?
If it is for a single machine I would try this:
Enabling Remote Assistance
http://msdn.microsoft.com/en-us/library/cc505914.aspx
Enable Remote Assistance > Advance > Add to people you need.
If there are multiple machines I would create a Group Policy and apply it to those machines.
Follow the section under Offering Unsolicited Remote Assistance
My Settings
0
 

Author Comment

by:StephanieFoster
ID: 40350238
Thank you.  It didn't work quite like it used to, but we'll just have to work with it.
0
 
LVL 22

Expert Comment

by:yo_bee
ID: 40351232
how did it used to work for you
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 

Author Comment

by:StephanieFoster
ID: 40352287
They used to be able to Shadow a person (with the users permission).  Now the user that needs help has to send an email invite.    Used to be - right click on the user, remote control (or shadow now), user gives permission, helper can view or control other users screen.   Now only an administrator can shadow for some reason.  We still aren't live, so are still working out kinks, maybe that is just one kink that we haven't fully worked out yet.  

Thanks!
Stephanie
0
 
LVL 22

Expert Comment

by:yo_bee
ID: 40354307
You can accomplish this by using the /offerRA switch.

From Windows (Start)  or Run type MSRA /offerRA <ComputerName> or <IP>
Goes directly to the computer
Or
Windows (Start) or Run tyoe MSRA /offerRA
Brings up a Window that allows you to type the name or ip of the computer
0
 

Author Comment

by:StephanieFoster
ID: 40364906
I might need to do another question, but just in case...

I found the following command, but each time I try to run it (administrator cmd prompt), i get a generic error:
wmic /namespace:\\root\CIMV2\TerminalServices PATH Win32_TSPermissionsSetting WHERE (TerminalName ="RDP-Tcp") CALL AddAccount "domain\security group”,2

I have put my domain and security group (even renamed it so there was no spaces).  And I still get the same error.
Stephanie
0
 
LVL 22

Expert Comment

by:yo_bee
ID: 40366440
I have never done it via Windows Management Call.  

did my switches I suggested work at all?
0
 

Author Comment

by:StephanieFoster
ID: 40366537
I couldn't get it to connect to the computer it was on.  I tested it with my own account first and I knew the name.  Kept giving me an error.  Unless I'm not supposed to be on the remote desktop?
0
 
LVL 22

Expert Comment

by:yo_bee
ID: 40366942
Did you add the user group to the GPO setting ?
What error are you getting?
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Remote Desktop Shadowing often has a lot of benefits. When helping end users determine problems, it is much easier to see what is going on, what is being slecected and what is being clicked on. While the industry has many products to help with this,…
In this article, I'll explain how to setup a Plex Media Server (https://plex.tv/) on a Redhat (Centos) 7 based NAS with screenshots to help those looking for assistance.  What is Plex? If you aren't familiar with Plex, it’s a DLNA media serv…
In this Micro Tutorial viewers will learn how to use Boot Corrector from Paragon Rescue Kit Free to identify and fix the boot problems of Windows 7/8/2012R2 etc. As an example is used Windows 2012R2 which lost its active partition flag (often happen…
In this Micro Tutorial viewers will learn how to restore single file or folder from Bare Metal backup image of their system. Tutorial shows how to restore files and folders from system backup. Often it is not needed to restore entire system when onl…

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question