Remote desktop : no user in remote desktop users group

  • Question

  • I'm facing a huge problem with remote desktop.

    I used to have a 2003 server on which AD has been created. A replication of this AD has been created when a 2008 R2 Server came. Now the 2003 server has been removed and I'm setting up the remote desktop server. The functional level of the 2008 server in AD has been raised.

    Now, the remote desktop users group has different users, but best practice analyser says the opposite!!! And I'm unable to log into remote desktop with those users, members of the RDusers group.

    Does anyone have an idea?

    Tuesday, July 19, 2011 12:20 PM

Answers

  • Hi,

    Please log on to your Server 2008 R2 as an administrator, click Start--Run, then enter secpol.msc. In the left pane, navigate and select Security Settings\Local Policies\User Rights Assignment. In the right pane double-click on Allow log on through Remote Desktop Services, click Add User or Group, then enter Remote Desktop Users, then save your change by clicking OK twice.

    After completing the above procedure please test by using Remote Desktop to connect to the server as a user who is a member of the Remote Desktop Users group.

    While I believe it is okay for many small environments or special-case servers, Microsoft generally does not recommend allowing regular users to log on to a Domain Controller using Remote Desktop.

    Thanks.

    -TP 

    • Marked as answer by Api17141 Wednesday, July 20, 2011 7:37 AM
    Tuesday, July 19, 2011 3:17 PM
    Moderator
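
An added example, not part of the original thread or of TP's answer: a PowerShell check, run from an elevated prompt, that exports the user rights with secedit and reports whether Remote Desktop Users holds Allow log on through Remote Desktop Services (SeRemoteInteractiveLogonRight). The temporary file name is an assumption of this example; S-1-5-32-555 is the well-known SID of the built-in Remote Desktop Users group.

```powershell
# Added example: audit who holds "Allow log on through Remote Desktop Services"
# (SeRemoteInteractiveLogonRight). Run from an elevated PowerShell prompt.

$rightName  = 'SeRemoteInteractiveLogonRight'
$rdUsersSid = 'S-1-5-32-555'   # well-known SID of BUILTIN\Remote Desktop Users
$exportPath = Join-Path $env:TEMP 'user-rights.inf'   # file name chosen for this example

# secedit writes the USER_RIGHTS area of the security policy to an INF file.
secedit /export /cfg $exportPath /areas USER_RIGHTS | Out-Null
if ($LASTEXITCODE -ne 0) { throw "secedit export failed with exit code $LASTEXITCODE" }

try {
    $line = Get-Content -Path $exportPath |
        Where-Object { $_ -match "^\s*$rightName\s*=" } |
        Select-Object -First 1
}
finally {
    # The export lists policy details, so do not leave it behind in TEMP.
    Remove-Item -Path $exportPath -ErrorAction SilentlyContinue
}

if (-not $line) {
    Write-Warning "$rightName is not assigned to any account."
    return
}

# Entries are comma separated; SIDs carry a leading '*', plain names do not.
$entries = ($line -split '=', 2)[1].Split(',') |
    ForEach-Object { $_.Trim().TrimStart('*') } |
    Where-Object { $_ }

$holders = foreach ($entry in $entries) {
    $account = $entry
    if ($entry -match '^S-1-') {
        try {
            $sid = [System.Security.Principal.SecurityIdentifier]$entry
            $account = $sid.Translate([System.Security.Principal.NTAccount]).Value
        } catch { $account = '(unresolved SID)' }
    }
    [pscustomobject]@{ Entry = $entry; Account = $account }
}
$holders | Format-Table -AutoSize

if ($entries -contains $rdUsersSid) {
    Write-Output 'Remote Desktop Users holds the right.'
} else {
    Write-Warning 'Remote Desktop Users does not hold the right; its members are refused at RDP logon.'
}
```

The account list it prints is also worth reviewing on a domain controller, since every entry there can open an interactive session on the DC.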

All replies

  • If I understand correctly, you currently have a 2008 R2 server which is a domain controller and is a Remote Desktop Server (contains the RD Session Host role)?

    So the AD group "Remote Desktop Users" on the domain controller has members but you can't log on to the domain controller using a user account that is a member of the group. Is that correct?

    Just a quick check: is the "Remote Desktop Users" group still added to the list on the security tab of the RDP-TCP properties of the RD Session Host Configuration?



    Kind regards,
    Freek Berson
    http://www.microsoftplatform.blogspot.com
    Tuesday, July 19, 2011 2:51 PM
    Moderator
  • Freek, you've exactly understood my problem and organisation... The 'Remote Desktop Users' group is still added to the RDP-TCP properties. Thanks for your reply.
    Wednesday, July 20, 2011 7:24 AM
  • You're right...

    That's magic...

    Thanks a lot

    Wednesday, July 20, 2011 7:38 AM