Allow Domain Users to Use Remote Desktop Services To Workstations

Steps I have already taken:

ON SERVER

  1. Edited default GPO to allow "Remote Desktop Users" group to "Allow log on through Remote Desktop Services"
  2. Verified "Deny log on through Remote Desktop Services" was undefined.
  3. Ran gpupdate.exe in command prompt.
  4. Configured TCP-Listener to allow and grant access to "Remote Desktop Users" Group.
  5. Restarted "Remote Desktop Services" service.

ON WORKSTATION

  1. Configured the Remote Setting to "Allow Remote Connection To This Computer"
  2. I did not select users.

MY QUESTION

I did not select users on the local workstation because my company has many computers and I am trying to find a way to allow non-admin domain users to RDP into their systems without having to explicitly go around to each workstation and add that user using the "select users" option on each computer. Isn't there a way to set this up without having to manually add users to each workstation? I am not trying to give users RDP access to the server, just their workstations. Any help is greatly appreciated.

March 20th, 2015 6:16pm

Hi Nybrett8,

In the group policy, you can assign domain users or groups to a local builtin group.

Go to "computer configuration" --> "preferences" -->"Control panel settings"-->"Local users and groups"

Right mouse click "New local group" 

This screen appears

Select the builtin group as shown above, and click in the members section on add and select the domain user(s), the domain group(s) or computers you want. (Check the default filter, computers aren't checked.)

Apply this to the OU where the computers are located. This should do the trick (have it running in our environment as well).

Hope this will work for you too!

Cees


March 20th, 2015 6:50pm


You can use the GPO trick as already shared to add a Security Group in AD that contains your respective users as a member of the local Remote Desktop Users group. The only concern here is that they can RDP to each other's PCs. The same could be achieved using Restricted Groups Group Policy as I described here: http://social.technet.microsoft.com/wiki/contents/articles/20402.active-directory-group-policy-restricted-groups.aspx

Remark: By using Restricted Groups, you will be overwriting the current group members so be careful with that.

March 22nd, 2015 5:49pm

I would suggest you run RSOP.msc to understand what effective policy you are getting now.

If there is still an issue and you are not able to nail it down, please follow Ahmed Malek's URL, which is for the Restricted Groups Group Policy method.

Regards,

Biju Kurup

March 22nd, 2015 11:41pm
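
To confirm what the GPO actually produced on the workstations, and to see the exposure Ahmed mentions (every member of the group can RDP to every workstation the policy applies to), the membership of the local Remote Desktop Users group can be audited remotely. This is an added example, not code from any poster in the thread; the group name CORP\RDP-Workstation-Users and the computer names are placeholders, and it assumes PowerShell remoting (WinRM) is enabled on the workstations.

```powershell
# Added example. Placeholders (not from the thread): CORP\RDP-Workstation-Users, WS-0142, WS-0143.
# Assumes PowerShell remoting (WinRM) is enabled on the workstations and PowerShell 5.1+.
function Get-RdpGroupAudit {
    param(
        [Parameter(Mandatory)] [string[]] $ComputerName,
        [Parameter(Mandatory)] [string[]] $ExpectedMember
    )

    $perHost = @(Invoke-Command -ComputerName $ComputerName -ErrorAction SilentlyContinue -ScriptBlock {
        # S-1-5-32-555 is the well-known SID of BUILTIN\Remote Desktop Users;
        # using it avoids depending on the localized group name.
        try {
            $names = @(Get-LocalGroupMember -SID 'S-1-5-32-555' -ErrorAction Stop |
                       ForEach-Object { $_.Name })
            [pscustomobject]@{ Members = $names; Error = $null }
        } catch {
            [pscustomobject]@{ Members = @(); Error = $_.Exception.Message }
        }
    })

    foreach ($h in $perHost) {
        $members = @($h.Members)
        [pscustomobject]@{
            Computer   = $h.PSComputerName
            Members    = $members -join '; '
            # Anything beyond the group the GPO was meant to add deserves a look.
            Unexpected = @($members | Where-Object { $_ -notin $ExpectedMember }) -join '; '
            # An expected group that is absent means the policy did not apply here.
            Missing    = @($ExpectedMember | Where-Object { $_ -notin $members }) -join '; '
            Error      = $h.Error
        }
    }

    # Hosts that returned nothing were unreachable, so the GPO result there is unknown.
    $answered = @($perHost | ForEach-Object { $_.PSComputerName })
    foreach ($c in $ComputerName | Where-Object { $_ -notin $answered }) {
        [pscustomobject]@{ Computer = $c; Members = $null; Unexpected = $null
                           Missing = $null; Error = 'No response over WinRM' }
    }
}

Get-RdpGroupAudit -ComputerName 'WS-0142', 'WS-0143' -ExpectedMember 'CORP\RDP-Workstation-Users' |
    Format-Table -AutoSize
```

A non-empty Unexpected column is also what to look for before switching to Restricted Groups, since that method overwrites the existing members.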
