I have a server running Windows Server 2008 R2 as a domain controller. I have a number of Windows 7 x64 Professional machines. I am trying to set Remote Desktop privileges to all users to login to all my domain machines.
I have set the User Rights Assignment for Allow user to login through Terminal Services (Remote Desktop)
to Authenticated users, Users, & Remote Desktop users. I have added Authenticated Users
to the Remote Desktop Users
group in Active Directory. I have also gone into Group policy and enabled the following setting:
Computer Management Policies->Administrative Template->Windows
Components ->Remote Desktop Services-> Remote Desktop Session Host
->Connections ->Allow users to connect remotely using Remote Desktop Services
Users still cannot login. I am entirely confused. I have to many machines to go to individually and grant access. Can anyone suggest a step I am missing?
Best Answer
The Remote Desktop Users group in AD controls RDP access to Domain Controllers. It has no bearing on the local Remote Desktop Users group or RDP access to domain joined computers that are not Domain Controllers. For those computers you'll need to use Group Policy Preferences or Restricted Groups to modify the membership of the local Remote Desktop Users group.