Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Remote desktop for admin only 1

Status
Not open for further replies.
jshurst

jshurst

Programmer
Oct 27, 2004
1,158
US
I can only get users connected using remote desktop to my domain controller if I use the "Administrators" group. I thought that making them apart of the "Remote Desktop Users" group would give them this right?

Am I missing some permission or something? I want them to be able to run a few programs on the computer, but not access everything.

Can someone point me in the right direction here. I'm not an admin or anything.

Thanks,
 
Sort by date Sort by votes
what error do you get when you only give them RDP Users permission?
 
Upvote 0 Downvote
That users can not connect remotely and that they need to be added the the Remote Desktop Users group (which have access by default).
 
Upvote 0 Downvote
Remote Desktop, by default(when activated), only allows memebers of the (local or Domain, if DC) Admin group access via RDP. To allow other users to connect:
From your DC, Right-Click My Computer -> properties -> Remote Tab -> select remote users button -> Add.
I would creat a group call TSUSERS and add it. Whomever you want to access the server via RDP, make their account a member of the group.

One red flag...
Why would you want your users to access your domain controller? I would not recommend this.

Good Luck...
 
Upvote 0 Downvote
Don't know. This is a home network on a test server. Just kinda learning this stuff. How can I tell which mode I'm in?
 
Upvote 0 Downvote
Another possibility is that the default group policy setting for DCs has the "log on locally" permission restricted to administrators. Have you changed this?

I also have to agree with WhoKilledKenny, by the way: giving your users any sort of access to the DC is just _begging_ for problems.
 
Upvote 0 Downvote
That is probably the case. So how do I change the group policy for the DC to include the Remote Desktop Users to "log on locally"?

As I said, this is my only computer, so it's not that big of a deal that it is also the DC.

Thanks.
 
Upvote 0 Downvote
In the default domain controllers policy:

Computer Configuration
|--Windows Settings
|--Security Settings
|--Local Policies
|--User Rights Assignment

Select "Log on locally" and add whatever users you need to. Though you could add "Everyone" I would instead define some security group and add that, instead.

Also, read before doing any of this.
 
Upvote 0 Downvote
Awesome. Figured it out.

Run->gpedit.msc
Then what was mentioned above.

"Computer Configuration
|--Windows Settings
|--Security Settings
|--Local Policies
|--User Rights Assignment"

Then went to "Allow Log on through Terminal Services and Added Remote Desktop Users"...And whola! Success.

Thanks for everyone's help. I guess I need to start reading about group policy. I get what is does, but have no idea how to administer it. Thanks everyone!!
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

MaioMaio
  • Locked
  • Question
Server Remote Desktop License
Replies
0
Views
541
MaioMaio
MaioMaio
Abdullah Al Maruf
  • Locked
  • Question
Telnet help for
Replies
2
Views
825
gbaughma
gbaughma
MattM1975
  • Locked
  • Question
Domain Admin Logon 1
Replies
2
Views
376
ADB100
ADB100
goombawaho
  • Locked
  • Question
Microsoft Azure Active Directory - Backup Admin Account 1
Replies
2
Views
961
goombawaho
goombawaho
mangentle
  • Locked
  • Question
What are the key advantages of using Microsoft Windows Servers for businesses?
Replies
1
Views
1K
gbaughma
gbaughma

Part and Inventory Search

Sponsor

Back
Top