How to add Domain users to local Remote Desktop Users from Group Policy

4

Hello All,

Today we will see how to add Domain Users to local Remote Desktop User Group on the machines that you would like from Group Policy.

For demonstration purposes, I will be applying this GPO on the domain. You could apply this to any OU that you like as per your requirement. The settings will remain the same, only the computers that come under the scope of that OU will be affected.

Remember that we want to add this Users to all the machines that this GPO will apply to. Therefore we will first create a security group called RemoteUsers and the users to this group. The reason we will be doing this because if in future other users require similar access, then you can just add them to this group instead of making changes to the GPO.

Creating the GPO

Assuming that we have everything in place, lets open the Group Policy Management console from Administrative Tools.

Right click on the domain and select Create a GPO in this domain, and link it here. Provide the name of the GPO as Remote Desktop Users Policy and click OK.

How to add Domain users to local Remote Desktop Users from Group Policy

How to add Domain users to local Remote Desktop Users from Group Policy

Configuring the GPO

Now right click the newly created GPO and click on Edit. The Group Policy Editor opens up.

How to add Domain users to local Remote Desktop Users from Group Policy

Since we are trying make changes to a computer, we need make the settings on the Computer Configuration.

Expand Computer Configuration > Policies > Windows Settings > Security Settings > Restricted Groups.

How to add Domain users to local Remote Desktop Users from Group Policy

Again right click on the Restricted Groups and select Add Group. Type Remote Desktop Users in the pop up window, be sure not click on the Browse button as that will take you to the Local Remote Desktop Users group of that machine alone. Remember, we need to give access to all the computers in the domain.

How to add Domain users to local Remote Desktop Users from Group Policy

How to add Domain users to local Remote Desktop Users from Group Policy

This will open up the Properties of the Remote Desktop Users group that we just created. You will now need to add the RemoteUsers group in the Members of this group section. Note that this will remove any users that is already present in the Remote Desktop Users group on the local machines.

If you just want to modify the members, then use the second option which is This group is a member of.

How to add Domain users to local Remote Desktop Users from Group Policy

Once you click on Add, search for the RemoteUsers group and click on OK.

How to add Domain users to local Remote Desktop Users from Group Policy

This will make sure that RemoteUsers is part of the Remote Desktop Users group on every computer in the domain.

How to add Domain users to local Remote Desktop Users from Group Policy

That’s it! The GPO is configured. Now you will need to test the changes on the client machine that the GPO was applied to. Log in to any one of the machines, open Command Prompt and type gpupdate /force or you could wait until the Group Policy refresh.

How to add Domain users to local Remote Desktop Users from Group Policy

This will update all the changes that we have made.

Testing the GPO

You can test the same by opening up Computer Management and check the Remote Desktop Users group.

How to add Domain users to local Remote Desktop Users from Group Policy

I hope this was informative and thank you for reading!

Share.

About Author

I am Adil Arif, working as a Technical Support Engineer at VMware as well as an independent blogger and founder of Enterprise Daddy. In my current role, I am supporting infrastructure related to Windows and VMware datacenters.

4 Comments

Leave A Reply

LIKE WHAT YOU'VE READ?
If so, please join the community.  I’d love to send you exclusive content right to your email, and I’ll send you a free copy of my book, VMware vSphere 6.0 Lab on Workstation too!
Enter your name and email below, and I’ll see you on the inside!

SUBSCRIBE