Solved

Group Policy inheritance question

Posted on 2014-10-14
2
158 Views
Last Modified: 2014-10-14
I have a problem on a live 2003 server - need to edit policies (I think) to enable users to login thru RDP.

Now, admins already have that privilege, and I would need to set "Allow log on through Terminal Services" policy to contain my users.

Now, if I link this policy - will it OVERRIDE default domain policy, or ADD to the list of users that login?

I am _VERY_ afraid not to lock myself out.
0
Comment
Question by:mrmut
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 13

Accepted Solution

by:
Rizzle earned 500 total points
ID: 40381132
This should add users to allow list to use RDP but as a precaution put domain admins or your admins in the list aswell.
0
 
LVL 24

Expert Comment

by:VB ITS
ID: 40381320
I think it'll replace the list of users. Easier to just do what Roshan has recommended above, i.e. add the existing accounts that already have RDP access into your new policy, add the new users/groups that require RDP access, then link the new policy.

If it's just a single server though, you can just modify the Remote Desktop Users group in System PropertiesRemote tab > Select Remote Users... at the bottom > add the required users/security group to the list. No need to mess with Group Policies that way.
0

Featured Post

Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

by Batuhan Cetin In this article I will be guiding through the process of removing a failed DC metadata from Active Directory (hereafter, AD) using the ntdsutil tool in a Windows Server 2003 environment. These steps are not necessary in a Win…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question