Windows Server 2012 Remote Desktop Users AD Group Not Working
I am attempting to manage what users can establish a Remote Desktop connection to servers in a centralized fashion from a Windows Server 2012 domain controller. To do so, I added the users to the builtin "Remote Desktop Users" security group on the DC. However, when I try to connect to a Windows server with a user in that group, I receive a long message starting with
To sign in remotely, you need the right to sign in through Remote Desktop Services...
If I add the user to the local "Remote Desktop Users" group it works. Is there a way to remotely manage RDP users from a centralized DC? If so, does anyone know what I'm missing? I'm not really a Windows administrator so it may be something basic.
Solution 1:
The built in domain RDP users group is for granting RDP access to Domain Controllers. To grant users RDP access to member computers you need to add them to the local RDP users group on each member computer. You can do this via domain Group Policy using Group Policy Preferences or Restricted Groups to modify the members of the local RDP users group.