2020年2月3日 星期一

Allow non-administrators RDP Access to Domain Controller

To allow remote connection to the domain controllers for members of the Remote Desktop Users group you need to perform the following action for each of your DCs:
  • Start Local Group Policy Editor (gpedit.msc);
  • Go to the section Computer Configuration -> Windows settings -> Security Settings -> Local policies -> User Rights Assignment;
  • Find the policy Allow log on through Remote Desktop Services
  • Edit the policy by adding the domain group Remote Desktop Users (like this: domainname\Remote Desktop Users), or directly the domain user, or a group (domain\somegroupname) to it;
  • Update local policies on the DC using the command gpupdate /force


Display the members of the domain group Remote Desktop Users on the domain controller:

net localgroup "Remote Desktop Users"

As you can see, it is empty. Add a domain user it-pro to it (in our example, it-pro is a standard domain user without administrative privileges):
net localgroup "Remote Desktop Users" /add corp\it-pro

Make sure that the user is added to this group:
net localgroup "Remote Desktop Users"

沒有留言:

張貼留言