Members of "Remote Desktop Users" group cannot login
I have a domain controller and a member server running W2K8 R2 server. TS licensing is on the DC, TServices is on the member server. Unless I make a user a domain admin, they cannot login: they get the message that they have not been granted to the logon right in terminal services, to make sure they are a member of the RDUsers group or grant the right manually.
I have made sure they are a member of the RDUsers group, and I have also tried setting the group policy to allow RDusers to logon through terminal services, but none of it works.
Any other ideas of what I'm doing wrong?
Solution 1:
The users have to be part of the RDusers group locally on the server you want to login via RDP, not only in the AD. I find this very irritating as well, if someone can provide a workaround for this it would be much appreciated.
Solution 2:
Just add Domain admins or create a new security group called RDP in AD and add this new Group to the (local) Remote desktop user group of each server you build that way you can manage Remote user permission via active directory
Solution 3:
I had to do this in a Group Policy (I used the generic Domain Users group, but you should probably use a group created for this specifically)