What is the fastest way to allow users to RDP into computers?

0

I have a network with about 20-30 computers which are all on the same network/domain. I just created a non-admin user and tried to RDP to the machines but keep getting the error "The connection was denied because the user account is not authorized for remote login". I added the user to the Remote Desktop Users group which didn't work. I also tried to install Windows Server Essentials Experience and to do it through there, but you have to join each computer to it anyways, so it wouldn't be different from going to each computer and manually adding the user to Remote Desktop Users local group. RDPing for administrators works fine.

Is there a way I can enable RDP to all computers from just the domain controller so there's minimal work involved?

trallgorm

Posted 2018-10-29T17:50:10.777

Reputation: 153

Question was closed 2018-10-31T18:57:46.653

Yes, you can use a Group Policy and set Domain Users as the group allowed for Remote Desktop. It's a security risk though. – LPChip – 2018-10-29T17:58:00.033

The user should be added to the Remote Desktop Users group of each computer they're allowed to log in to. The easiest solution, in a domain environment, is to use Group Policy ("Preferences") to add an AD security group, via Group Policy, to each computer. You then centrally manage the group. Or, you create a group for each computer, add your users to the group and then add the group to the respective computer. For external access, one word: VPN. – Kinnectus – 2018-10-29T17:58:14.193

He is not setting up RDP for external connectivity -- from his text, it appears he just wants to allow for Remote Desktop use inside of his org. – thepip3r – 2018-10-29T17:59:43.447

With some scripting automation, doing everything that needs to be done to open and allow the access. – Pimp Juice IT – 2018-10-30T14:44:16.497

I HIGHLY recommend that you look at Group Policy (GP) and/or Desired State Configuration (DSC). GP is how these settings have been managed in a Windows domain for a long time, and is a necessary tool for managing security. DSC is how MS appears to be wanting to go for domain computer management. – music2myear – 2018-10-30T18:55:01.770

Answers

1

There is a two/three step process to allow RDP in your network.

  1. You need to enable RDP
  2. You need to give permissions to users who are authorized to RDP.
  3. Allow TCP 3389 outbound on the RDP-from systems and 3389 inbound on the RDP-to systems (if applicable)

This can all be done through Group Policy.

To enable RDP, open Group Policy (gpmc.msc), probably on a Domain Controller (unless you have the Group Policy Management snap-in installed on a workstation). Navigate to: Computer Configuration – Administrative Templates – Windows Components – Remote Desktop Services – Remote Desktop Session Host – Connections and modify:

  • Allow users to connect remotely using Remote Desktop Services (set to enable)

You can add members to the Remote Desktop Users group also through group policy, or manually on each machine. Or create separate user groups for more management control/security (e.g. Domain Controller RDP Users, Server RDP Users, Workstation RDP Users).

thepip3r

Posted 2018-10-29T17:50:10.777

Reputation: 281
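
An audit of the three steps in the answer above, as an added example that is not part of the original post: once the Group Policy has applied, it reports per computer whether RDP is enabled, who is in the local Remote Desktop Users group (flagging broad groups such as Domain Users, the risk raised in the comments), and whether inbound firewall rules are enabled. It assumes the RSAT ActiveDirectory module, WinRM enabled on the targets, English firewall display names, and uses `Workstation RDP Users` (the answer's example name) as a hypothetical AD group.

```powershell
# Added example, not from the original post. Run from an admin workstation or DC.
Import-Module ActiveDirectory

$ExpectedGroup = 'Workstation RDP Users'   # hypothetical AD security group name
$Computers = (Get-ADComputer -Filter 'Enabled -eq $true').Name

$report = Invoke-Command -ComputerName $Computers -ArgumentList $ExpectedGroup `
    -ErrorAction SilentlyContinue -ScriptBlock {
    param($ExpectedGroup)

    # Step 1: is RDP enabled? A Group Policy value overrides the local setting.
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
    $localKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $deny = (Get-ItemProperty -Path $policyKey -Name fDenyTSConnections `
             -ErrorAction SilentlyContinue).fDenyTSConnections
    if ($null -eq $deny) {
        $deny = (Get-ItemProperty -Path $localKey -Name fDenyTSConnections).fDenyTSConnections
    }

    # Step 2: members of local "Remote Desktop Users" (well-known SID, locale independent).
    try {
        $members = @(Get-LocalGroupMember -SID 'S-1-5-32-555' -ErrorAction Stop |
                     Select-Object -ExpandProperty Name)
    } catch {
        $members = @("<could not enumerate: $($_.Exception.Message)>")
    }

    # Step 3: enabled inbound rules in the built-in "Remote Desktop" firewall group.
    $fw = @(Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
            Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' })

    [pscustomobject]@{
        RdpEnabled           = ($deny -eq 0)
        ExpectedGroupPresent = [bool]($members -like "*\$ExpectedGroup")
        # Broad principals here mean far more users can log on than intended.
        BroadGroups          = ($members | Where-Object {
            $_ -match '(^|\\)(Domain Users|Authenticated Users|Everyone)$' }) -join ', '
        Members              = $members -join ', '
        InboundFirewallRules = $fw.Count
    }
}

$report | Sort-Object PSComputerName |
    Format-Table PSComputerName, RdpEnabled, ExpectedGroupPresent, BroadGroups,
                 InboundFirewallRules, Members -AutoSize

# Computers that did not answer over WinRM were not audited; list them separately.
$Computers | Where-Object { $_ -notin $report.PSComputerName } |
    ForEach-Object { Write-Warning "No response from $_" }
```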