?
Solved

How can I assign remote desktop access privilege to a group of users in a test domain

Posted on 2015-01-14
10
Medium Priority
?
268 Views
Last Modified: 2015-01-15
I have a test domain dedicated for all offshore consultants. We have about 100 desktop vm for all of them. When they submit new user request, I need give those users RDP access to all or part of these vms. How could I achive this job quick and easy.

For example, I made three new users and need assign them access to all the 100 vms. How could I do it?

Thanks.
0
Comment
Question by:Jason Yu
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 3
10 Comments
 
LVL 96

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 500 total points
ID: 40549350
You need to create a group on the domain for them and then add that group to the local Remote Desktop Users group on the workstations.  Then you can add or remove users by simply adding or removing them from the group.

You can use Group Policy to assign the group to the appropriate local group on the workstation.
Reference: http://www.expta.com/2011/02/adding-users-to-local-security-groups.html
0
 
LVL 37

Accepted Solution

by:
Mahesh earned 1500 total points
ID: 40549472
You can use GP preferences if wanted to
create new OU and move all computers to that OU
Create one global security group in domain and add all required users to this domain group
ON that OU create one GPO, in GPO under computer configuration\preferences\control panel settings find local users and groups and add new built-in remote desktop users group in update mode and add required domain group there as member
This will ensure on all computers required domain group will be added to remote desktop users local group
0
 

Author Comment

by:Jason Yu
ID: 40550128
Got it, thank you, I will test it.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 

Author Comment

by:Jason Yu
ID: 40550147
I see an inbuilt group named "remote Desktop Users" in the AC, can I use this group instead of creating a new one?

Please advise, thank you.
0
 

Author Comment

by:Jason Yu
ID: 40550200
Would you guys help me to answer the question: what is the difference between the inbuilt "remote Desktop Users" and the one you guys asked me to create.

Thank you in advance, I really want to know the difference.
0
 
LVL 37

Assisted Solution

by:Mahesh
Mahesh earned 1500 total points
ID: 40550526
The built-in remote desktop group already has permissions to logon through RDP on computer
Its already there on every workstation under local groups, it will allow you to logon through RDP on respective workstation
In case of domain it was present on every domain controller under built-in container, it will allow you to RDP any domain controller

What you need, you should create another global security group and add it as member of that built-in remote desktop users group so that you can take RDP of workstations

You can add your users to above global group so that they will automatically get rights to logon to all workstations
0
 

Author Comment

by:Jason Yu
ID: 40551605
Thank you, experts. I have created a new group named "remoteaccessgroup" and added those three domain users to this group. After this, I followed this article http://www.expta.com/2011/02/adding-users-to-local-security-groups.html created a "restricted group" in "Group Policy Management Console". I named it "remote desktop users" which is the default remote desktop users group on each computer. Then, I added the new built group to this "restricted group".

Then I go to each vm and found if I restart the vm, the new built group will be populated into the "remote desktop users" local group. If I don't restart the computer, it still doesn't include the new built group and members.

How could I do to make this change take effects on all domain computers/vms?
0
 
LVL 37

Assisted Solution

by:Mahesh
Mahesh earned 1500 total points
ID: 40551636
try below
On the other computer which is not restarted run gpupdate /force and see if group is populated, if it got succeeded,
create bat file with gpupdate /force and add it as logon script for all users
You can put this .bat file under netlogon and then select all users and go to properties and on profile tab under logon script simply type the name of logon script
For ex: abc.bat

Hopefully this will run on computer during user logon and it might apply restricted group policy
0
 

Author Comment

by:Jason Yu
ID: 40551702
Got it, thank you very much. I will go ahead close this question.
0
 

Author Closing Comment

by:Jason Yu
ID: 40551706
Very helpful solutions, I got it done smoothly without any problem.
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question