Allowing non-domain admins to RDP to servers in AD
Why don't you make use of a GPO to accomplish this? Configure the GPO and link it to the OU where all the servers exist. http://blogs.technet.com/b/askperf/archive/2011/09/09/allow-logon-through-terminal-services-group-policy-and-remote-desktop-users-group.aspx Regards, _Prashant_ MCSA|MCITP SA|Microsoft Exchange 2003 Blog - http://prashant1987.wordpress.com Disclaimer: This posting is provided AS-IS with no warranties/guarantees and confers no rights.
April 11th, 2012 9:30am

Thanks for the reply. Sorry for the confusing wording. When I say non-domain admin user, yes, it's users in the same domain who do not have domain admin access. I have a command center team and other people who do not require domain admin access but need to log in to almost all servers in the domain to run some jobs and for monitoring and L1 support stuff. So my question is: how can I allow these users to log on to all servers without providing domain admin access? Mahesh
April 12th, 2012 8:38am

Hi, you can create a policy using Restricted Groups and add the users to the Remote Desktop Users group.
GPO path: Computer configuration/Windows settings/Security settings/Restricted groups
- Right click, add group, click browse to find Domain Users.
- Click OK
- Click add under This group is a Member of...
- Now type in Remote Desktop Users
(You can also use GPP.) Regards, butim
April 12th, 2012 9:41am

No problem, Mahesh. Did you try configuring a GPO to accomplish this? (See my earlier post.) Regards, _Prashant_ MCSA|MCITP SA|Microsoft Exchange 2003 Blog - http://prashant1987.wordpress.com Disclaimer: This posting is provided AS-IS with no warranties/guarantees and confers no rights. Email-giteepag@yahoo.co.in
April 12th, 2012 9:45am

Hi, if I were in Mahesh's place, I would try as below... please correct me if I am going with a wrong/long process.
1) Create a security group which will contain all the respective user accounts that need remote desktop access.
2) Create a GPO that uses the Restricted Groups option and makes the newly created security group a member of the Remote Desktop Users group.
3) Link the GPO to the OU that contains all the respective servers the users want to access.
Thanks! Regards Rushikesh..
April 12th, 2012 11:54am
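
The three steps in the post above, followed by a check that the policy landed on every server, as an added PowerShell example that is not part of the original thread. All group, GPO, OU, domain and account names are hypothetical placeholders, and the check assumes PowerShell remoting and the LocalAccounts cmdlets (PowerShell 5.1) are available on the servers.

```powershell
# Added example. Every name below is a hypothetical placeholder.
Import-Module ActiveDirectory, GroupPolicy

$Domain    = 'EXAMPLE'                           # hypothetical NetBIOS domain name
$GroupName = 'SRV-RDP-Operators'                 # hypothetical security group
$GroupOU   = 'OU=Groups,DC=example,DC=com'       # hypothetical
$ServerOU  = 'OU=Servers,DC=example,DC=com'      # hypothetical
$GpoName   = 'Servers - RDP Operators'           # hypothetical
$Operators = 'cc.operator1', 'cc.operator2'      # hypothetical accounts

# Step 1: one security group for everyone who needs RDP to the servers.
New-ADGroup -Name $GroupName -GroupScope Global -GroupCategory Security -Path $GroupOU
Add-ADGroupMember -Identity $GroupName -Members $Operators

# Step 2: create the GPO. The Restricted Groups entry is set in the Group
# Policy editor: add $GroupName, then "This group is a member of" ->
# Remote Desktop Users. That mode adds the group without replacing members.
New-GPO -Name $GpoName -Comment 'Adds RDP operators to Remote Desktop Users' | Out-Null

# Step 3: link the GPO to the OU that holds the servers.
New-GPLink -Name $GpoName -Target $ServerOU -LinkEnabled Yes | Out-Null

# Verification, run after the servers have refreshed policy: read the local
# Remote Desktop Users group by its well-known SID (S-1-5-32-555).
$servers = Get-ADComputer -SearchBase $ServerOU -Filter 'Enabled -eq $true' |
    Select-Object -ExpandProperty DNSHostName
$replies = Invoke-Command -ComputerName $servers -ErrorAction SilentlyContinue -ScriptBlock {
    [pscustomobject]@{
        Members = @(Get-LocalGroupMember -SID 'S-1-5-32-555' | ForEach-Object Name)
    }
}

$expected = "$Domain\$GroupName"
$tooBroad = 'Domain Users', 'Authenticated Users', 'Everyone'
foreach ($server in $servers) {
    $reply = $replies | Where-Object PSComputerName -eq $server
    $names = @($reply.Members)
    [pscustomobject]@{
        Server       = $server
        Answered     = [bool]$reply          # False: unreachable, result unknown
        GroupApplied = $names -contains $expected
        # Principals that would give RDP logon to far more than the operators.
        BroadMembers = ($names | Where-Object { ($_ -split '\\')[-1] -in $tooBroad }) -join ', '
    }
}
```

A server that reports `Answered = False` has not been checked, so treat it as unverified rather than as compliant.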

Hi, how do I delegate RDP access to a non-domain admin user to log on to servers in my AD environment? I know we can allow RDP access on each server by adding the user to the "Remote Desktop Users" group and granting "Allow logon through terminal Services" in the local security policy. I cannot do the same on all 350 servers. So, how do I ease this task, or are there any other ways to delegate access? Thanks in advance. Mahesh
April 13th, 2012 2:29am

Hello, what is a non-domain admin user? A support engineer from a foreign company? This person still requires a domain user account for the servers in the domain or you have to create local machine accounts, a mess with 350 servers. Is there any trust between the domain where the person belongs to? Best regards Meinolf Weber MVP, MCP, MCTS Microsoft MVP - Directory Services My Blog: http://msmvps.com/blogs/mweber/ Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.
April 13th, 2012 2:33am

Why don't you make use of a GPO to accomplish this? Configure the GPO and link it to the OU where all the servers exist. http://blogs.technet.com/b/askperf/archive/2011/09/09/allow-logon-through-terminal-services-group-policy-and-remote-desktop-users-group.aspx Regards, _Prashant_ MCSA|MCITP SA|Microsoft Exchange 2003 Blog - http://prashant1987.wordpress.com Disclaimer: This posting is provided AS-IS with no warranties/guarantees and confers no rights.
April 13th, 2012 2:35am

Hello Prashant Girennavar, as the OP is talking about non-domain admins you cannot use GPOs, as the account cannot be added. That's the reason I asked about a trust to another domain or where this account belongs to. Best regards Meinolf Weber MVP, MCP, MCTS Microsoft MVP - Directory Services My Blog: http://msmvps.com/blogs/mweber/ Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.
April 13th, 2012 2:48am

Hello Meinolf, the user's question seems to be a bit confusing here. We cannot tell whether the user is a domain user or belongs to some other domain. To Mahesh: when you say non-domain admin user, does that mean users in the same domain who do not have domain admin access? Or do these users belong to some other domain? Please explain. If the users belong to the same domain and don't have domain admin access, then consider creating a GPO to accomplish the above task. Regards, _Prashant_ MCSA|MCITP SA|Microsoft Exchange 2003 Blog - http://prashant1987.wordpress.com Disclaimer: This posting is provided AS-IS with no warranties/guarantees and confers no rights.
April 13th, 2012 2:59am

Hi, I agree with the above comments. If all users are in the same domain, then we can use Group Policy to achieve this. If there is any update or concern, please feel free to let us know. Best Regards, Aiden
Aiden Cao, TechNet Community Support
April 15th, 2012 10:41pm

Sorry for the late reply. I am thankful to all for the useful information. I finally achieved this through GPO. Thanks once again to all. Mahesh
May 10th, 2012 2:38pm

This topic is archived. No further replies will be accepted.
