Link to home
Start Free TrialLog in
Avatar of Harold
HaroldFlag for United States of America

asked on

Windows 2016 local access for Domain User

Windows 2016 Standard. You used to be able to turn on "Logon locally" and add users. Not an option now, well it's there but cannot modify. Don't want to go to the expense of RDS CALs, for a single user, to access a single app. Planning on using an en expensive remote connection tool, is there a work around or idea anyone can share?
ASKER CERTIFIED SOLUTION
Avatar of McKnife
McKnife
Flag of Germany image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Harold
Harold
Flag of United States of America image

ASKER

@McKnife....what am I looking for? I see the same as if I was editing to change. Buttons grey.
Avatar of McKnife
McKnife
Flag of Germany image
There is a column that would should which policy has set this, right there where you are looking at in rsop.msc
Avatar of Harold
Harold
Flag of United States of America image

ASKER

Default domain controller policy, as I have setup no more than drive mappings. Literally brand new box.
Avatar of McKnife
McKnife
Flag of Germany image
So that tells you, it's set in the default domain controllers policy and that's where you could modify it, if you indeed wanted to let users logon to your domain controller (should be avoided!).
Avatar of Harold
Harold
Flag of United States of America image

ASKER

@McKnife, so I'm in GPedit correct, to modify? I know it's not suggested, but it's a one user, sparse usage.
SOLUTION
Avatar of McKnife
McKnife
Flag of Germany image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Harold
Harold
Flag of United States of America image

ASKER

@Mcknife, I totally respect that and with that being said, options would be remote to a desktop, then resources needed or setup RDS?
Avatar of McKnife
McKnife
Flag of Germany image
Without installing the RDSH role, you may use two rdp sessions at a time for administrative purposes only.
Else, non-administrative, would require the RDSH role and with ut, you'd need to buy CALs.
Avatar of Harold
Harold
Flag of United States of America image

ASKER

@McKnife right, that is the reason for me thinking I can just give this user general access as user and not logging in as RDP Admin account. This not applicable in this scenario?
Avatar of McKnife
McKnife
Flag of Germany image
I don't know if license terms explicitly forbid non-administrative usage over rdp, but it could be. Technically, it would work, but if you may and want to do it, is up to you to find out.
Avatar of Harold
Harold
Flag of United States of America image

ASKER

Never could find where to change, this always grey buttons.

Thanks
Avatar of McKnife
McKnife
Flag of Germany image
So you found out, it was set in the default domain controllers policy - you will be able to change it there, won't you?
Avatar of Harold
Harold
Flag of United States of America image

ASKER

I saw the area the default domain controller policy but the buttons are still grey.
Avatar of McKnife
McKnife
Flag of Germany image
Where? If you open the default domain controller policy, you can edit them - no ifs or buts.
Avatar of Harold
Harold
Flag of United States of America image

ASKER

@McKnife...thanks...I was doing it all wrong. I see it now. We have a temp connection to a desktop, to see if that works for them, if not I may do this.

Regards
Avatar of Harold
Harold
Flag of United States of America image

ASKER

thanks again