careless_hxuk Posted September 6, 2011 Share Posted September 6, 2011 I have a client who is having difficulty setting up a Remote Desktop server in their domain. They have added a number of users to the Remote Desktop Users in Active Directory, but their Remote Desktop server is not respecting this, and is instead only allowing users from the local group to have access. It is possible to add users to this group (either manually using Local Users and Groups, or by selecting users in the Remote Access configuration screen), but this is a workaround rather than a fix.I've tried adding the group DOMAIN\Remote Desktop Users to the SERVER\Remote Desktop Users but this doesn't work as that group simply doesn't appear in the list. I can't see ay relevant group policy settings, and as far as I remember there shouldn't be any need to modify Group Policy anyway. I get the feeling that this is a really simple thing, but I can't figure it out at all. Link to comment Share on other sites More sharing options...
allen2 Posted September 6, 2011 Share Posted September 6, 2011 The Domain Remote desktop users group isn't made for this purpose (it is a domain local group and so only give rights on domain controllers).The proper way to do things is to create a universal group or global group (depending on your AD level) and add users to this group then add this group to the local group of each remote desktop server (or use a gpo to do this if you have a lot of servers). Link to comment Share on other sites More sharing options...
careless_hxuk Posted September 6, 2011 Author Share Posted September 6, 2011 The Domain Remote desktop users group isn't made for this purpose (it is a domain local group and so only give rights on domain controllers).The proper way to do things is to create a universal group or global group (depending on your AD level) and add users to this group then add this group to the local group of each remote desktop server (or use a gpo to do this if you have a lot of servers).Cheers. I had half suspected that this might be the case - now I can go ahead and do this without fear that I might be neglecting a more elegant or proper solution. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now