Monday, February 3, 2020

Allow non-administrators RDP Access to Domain Controller

To allow members of the Remote Desktop Users group to connect remotely to the domain controllers, perform the following steps on each of your DCs:
  • Start Local Group Policy Editor (gpedit.msc);
  • Go to the section Computer Configuration -> Windows settings -> Security Settings -> Local policies -> User Rights Assignment;
  • Find the policy Allow log on through Remote Desktop Services;
  • Edit the policy and add the domain group Remote Desktop Users (in the form domainname\Remote Desktop Users), or add a domain user or another group (domain\somegroupname) directly;
  • Update local policies on the DC using the command gpupdate /force.


Display the members of the domain group Remote Desktop Users on the domain controller:

net localgroup "Remote Desktop Users"

As you can see, it is empty. Add a domain user it-pro to it (in our example, it-pro is a standard domain user without administrative privileges):

net localgroup "Remote Desktop Users" /add corp\it-pro

Make sure that the user is added to this group:

net localgroup "Remote Desktop Users"
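
To confirm the result of the whole procedure, the script below lists every principal that currently holds the Allow log on through Remote Desktop Services right (SeRemoteInteractiveLogonRight) and then expands the Remote Desktop Users group. It is an added example, not part of the original post; it assumes an elevated PowerShell session on the DC with the ActiveDirectory module available, and the function name Get-RdpLogonRightHolders is hypothetical.

```powershell
# Added example: audit who may log on to this DC over RDP after the change.
# Assumptions: elevated session on the DC, ActiveDirectory module installed.

function Get-RdpLogonRightHolders {
    param([string[]]$InfLines)   # lines of a "secedit /export /areas USER_RIGHTS" file

    # The export holds one line per right, e.g.
    #   SeRemoteInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-555
    $line = $InfLines |
        Where-Object { $_ -match '^\s*SeRemoteInteractiveLogonRight\s*=' } |
        Select-Object -First 1
    if (-not $line) { return }   # right is not assigned to anyone

    foreach ($entry in (($line -split '=', 2)[1] -split ',')) {
        $entry = $entry.Trim()
        if (-not $entry) { continue }

        if ($entry.StartsWith('*')) {
            # Entries prefixed with '*' are SIDs; resolve them to account names.
            $sid = $entry.TrimStart('*')
            try {
                $sidObj = [System.Security.Principal.SecurityIdentifier]$sid
                $name = $sidObj.Translate([System.Security.Principal.NTAccount]).Value
            } catch {
                $name = '<unresolved SID>'   # deleted or unreachable account
            }
            [pscustomobject]@{ Sid = $sid; Name = $name }
        } else {
            # Entries without '*' are already stored as account names.
            [pscustomobject]@{ Sid = $null; Name = $entry }
        }
    }
}

# Export the current user rights assignment to a temporary file and parse it.
$tmp = Join-Path $env:TEMP 'user_rights_export.inf'
secedit /export /cfg $tmp /areas USER_RIGHTS | Out-Null
Get-RdpLogonRightHolders -InfLines (Get-Content $tmp) | Format-Table -AutoSize
Remove-Item $tmp -ErrorAction SilentlyContinue

# Expand Remote Desktop Users, including members of nested groups.
Get-ADGroupMember -Identity 'Remote Desktop Users' -Recursive |
    Select-Object SamAccountName, objectClass
```

Run it after gpupdate /force on each DC; any account or group in the output that was not added deliberately should be reviewed, since every listed principal can open an interactive RDP session on a domain controller.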