1

I have a group policy setup that turns on remote desktop connections to all clients on the network.

The only problem with this, is the local user accounts are not administrative accounts and do not have access to remote desktop. The only way I can remote in is if I use an administrative account and log them out.

Is there a way to add remote desktop users on the remote machines via group policy, or do I need to manually add them in the remote settings via system on the local machine?

Thanks.

Jeff
  • 1,089
  • 5
  • 25
  • 46
  • 1
    You can control local group membership, using Group Policy, via the [Restricted Groups](http://support.microsoft.com/kb/279301) option. See this http://serverfault.com/questions/227188/is-it-possible-to-add-a-local-user-to-the-admins-group-through-group-policy/227189#227189 -- That question uses the local group "Administrators" in the example, but you may use any local group with Restricted Groups. – jscott Nov 10 '11 at 16:06
  • @jscott -- So , I would create a new group called Remote Desktop Users, and add the members for accounts that would be able to use remote desktop connections, then make the group a member of remote desktop users? – Jeff Nov 10 '11 at 16:14
  • Create domain group "DOMAIN\Remote Desktop Users - Workstations" (or what ever designation you want) and add the required domain users to that group. Use Restricted Groups to add that new domain group to the pre-existing local group "Remote Desktop Users". – jscott Nov 10 '11 at 16:18

1 Answers1

6

You can use Group Policy Preferences to update the local "Remote Desktop Users" group to contain whatever users you want it to.

The screenshot below shows modifications to the Administrators group, but you can select any built-in group you want, including Remote Desktop Users. GPP Screencap

MDMarra
  • 100,183
  • 32
  • 195
  • 326