none
UAG DA Manage Out - Domain admins only RRS feed

  • Question

  • Hi

    Our server2008R2 UAG DA appears to be working fine and we can offer remote assistance from any ISATAP enable computer to our DA computers without a problem provided the user is member of the domain admins group.

    We would like to allow staff who are not members of the Domain Admin group to offer remote assistance.

    Is this possible or is manage out only available to members of Domain Admin group.

    Thanks
    Laurie

    PS

    I also noticed that when a DA client is removed from the DA security group i.e. not longer a DA client the same issue occurs. Only Domain Admins can offer remote assistance. Computer than have never been DA clients can be offered remote assistance by any user. Both computers on the same network.


    • Edited by FramingNut Thursday, September 21, 2017 6:28 AM
    Thursday, September 21, 2017 2:51 AM

All replies

  • In Windows, the determining factor for who is allowed to RDP into a machine is typically defined by whether or not you are a member of the "Remote Desktop Users" group on that machine. On the computer that you are trying to RDP into, open up Computer Management and go into Local Users and Groups, and click on Groups. Then double click on the Remote Desktop Users group. Administrators are automatically allowed RDP access, and if you want to allow non-admins access to remote into a machine you need to add their accounts or a group that contains their accounts here.
    Thursday, September 21, 2017 1:27 PM
  • Hi Jordan

    Thanks for your reply. I checked and we already have this set.

    What I did to make this work was add non domain admin users to the Distributed COM Users  group on the DA client.

    The steps are

    1. Create a distribution group called DA_Remote Helpers
    2. Add each staff member who will be offering assistance to DA_RemoteHelpers
    3. Opened the group policy manager on the domain controller
    4. Go to Computer Config > Policies > Windows setting > Security Settings and add Distributed COM Users to the Restrictive Groups
    5. Add the DA_RemoteHelpers to Distributed COM Users

    Cheers

    Laurie

    Friday, September 22, 2017 7:21 AM