Wednesday, 19 June 2013

Allow a User/Security Group to access a Machine via Remote Desktop (RDP)

This is a pretty standard request but it can be useful to remember that there are two simple ways of doing this in the GPMC:

via Group Policies

Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > User Rights Assignment > Allow log on through Remote Desktop Services

Double click on "Allow log on through Remote Desktop Services" and the utilise the Add User or Group... option.

 
via Group Preferences
 

Computer Configuration > Preferences > Control Panel Settings > Local Users and Groups
> Within this setting, right-click in the empty white area on the right and select "All Tasks" > "Add".
> Select Update from the "Action:" drop-down menu
> Select Remote Desktop Users (built-in) from the "Group name:" drop down list
> Under the Members select the "Add..." button.
> Add the user/security group to the Name field and select "Add to this group" from the "Action:" field


Both of these approaches should then add user/security group to the Remote Desktop Users group for any computer you apply the policy to. As a sidenote, there is also a third way of achieving this goal (detailed below) but it's preferable to try the above two first since this way can only be used with Groups and Built-in Security Principles.
 
via Restircted Groups

Navigate to: Computer Configuration > Windows Settings > Security Settings > Restricted Groups.

Right click in the white space, then choose add group, then click browse to find the security group, click ok, click add under This group is a member of... ,type in Remote Desktop Users, once this has been added click OK

No comments:

Post a Comment