Windows Server 2012 Remote Desktop Users AD Group Not Working

I am attempting to manage which users can establish a Remote Desktop connection to servers in a centralized fashion from a Windows Server 2012 domain controller. To do so, I added the users to the built-in "Remote Desktop Users" security group on the DC. However, when I try to connect to a Windows server with a user in that group, I receive a long message starting with:

To sign in remotely, you need the right to sign in through Remote Desktop Services...

If I add the user to the local "Remote Desktop Users" group it works. Is there a way to remotely manage RDP users from a centralized DC? If so, does anyone know what I'm missing? I'm not really a Windows administrator so it may be something basic.


Solution 1:

The built-in domain RDP users group is for granting RDP access to Domain Controllers. To grant users RDP access to member computers, you need to add them to the local RDP users group on each member computer. You can do this via domain Group Policy using Group Policy Preferences or Restricted Groups to modify the members of the local RDP users group.
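
The following PowerShell is an added example, not part of the original answer: it audits the local "Remote Desktop Users" group on each member server and adds one domain group to it if missing, which is the per-computer membership the answer describes. The domain name `CONTOSO`, the group `RDP-Server-Users` and the server names are assumptions made for illustration, and the script assumes PowerShell remoting (WinRM) is reachable on the targets.

```powershell
# Assumed names (constructed for this example): replace with your own.
$DomainNetBIOS = 'CONTOSO'             # assumed NetBIOS domain name
$DomainGroup   = 'RDP-Server-Users'    # assumed domain group of permitted users
$Servers       = 'APP01', 'APP02'      # assumed member servers (not DCs)

$results = Invoke-Command -ComputerName $Servers -ScriptBlock {
    param($Domain, $Group)

    # Resolve the local group by its well-known SID (S-1-5-32-555) so the
    # lookup also works on installs where the group name is localized.
    $sid  = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-555'
    $name = $sid.Translate([System.Security.Principal.NTAccount]).Value.Split('\')[1]

    # WinNT provider works on Server 2012 without the LocalAccounts module.
    $local   = [ADSI]"WinNT://$env:COMPUTERNAME/$name,group"
    $members = @($local.psbase.Invoke('Members') | ForEach-Object {
        $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
    })

    # Add the domain group only if it is not already a member.
    $wanted = "WinNT://$Domain/$Group"
    $added  = $false
    if ($members -notcontains $wanted) {
        $local.Add("$wanted,group")
        $added    = $true
        $members += $wanted
    }

    # Return the full membership so unexpected entries are visible in review.
    [pscustomobject]@{
        LocalGroup = $name
        Added      = $added
        Members    = $members -join '; '
    }
} -ArgumentList $DomainNetBIOS, $DomainGroup

$results |
    Select-Object PSComputerName, LocalGroup, Added, Members |
    Format-Table -AutoSize -Wrap
```

If a Restricted Groups policy already defines the members of this local group, the policy list replaces manual additions at the next Group Policy refresh, so the domain group must be in the policy as well.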