How to authorize users for Remote Desktop without using the GUI

Tags: command-line-interface, remote desktop, windows 7

I need to be able to grant (and revoke) local, non-administrator users' access to a Windows 7 system in an automated fashion (i.e. not by using the System Properties control panel). Script, batch, registry file, or what have you is fine.

I had thought this was as simple as adding the user to a "Remote Desktop" group (via, say, NET LOCALGROUPS), but the systems don't seem to have one.

Any ideas?

Best Answer

To add the user jscott to the group Remote Desktop Users:

net localgroup "Remote Desktop Users" jscott /ADD

If you're in an Active Directory domain environment, you can simply add a domain group (e.g., "Desktop Remote Users", or the like) to the local Remote Desktop Users group. Have a look at Group Policy Restricted Groups to manage these memberships. You can then manage the members of the domain group without having to update the workstations.

If the local group is missing, you will need to recreate it and assign it permissions. Create the group with NET LOCALGROUP "Remote Desktop Users" /ADD, then open the local security policy editor secpol.msc and grant the group "Allow log on through Remote Desktop Services". You can also do this via Group Policy in a domain environment.

I would be curious to know how this group disappeared, if it was not just deleted. Perhaps another SF'er will know.
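
The grant and revoke operations from the question, as an added example that is not part of the original answer: a Windows PowerShell 2.0 wrapper around the same net localgroup command that only changes membership when needed and returns the resulting member list for review. The function names Get-RdpGroupMember and Set-RdpAccess are hypothetical, jscott is the user from the answer, and the script assumes an elevated prompt.

```powershell
# Added example. Runs on Windows PowerShell 2.0 (ships with Windows 7); run elevated.
# Group name as used in the answer above.
$GroupName = 'Remote Desktop Users'

function Get-RdpGroupMember {
    # List current members through the WinNT ADSI provider, so the result
    # does not depend on parsing "net localgroup" text output.
    $group = [ADSI]"WinNT://$env:COMPUTERNAME/$GroupName,group"
    $group.psbase.Invoke('Members') | ForEach-Object {
        $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
    }
}

function Set-RdpAccess {
    param(
        [Parameter(Mandatory = $true)][string]$User,
        [Parameter(Mandatory = $true)][ValidateSet('Grant', 'Revoke')][string]$Action
    )

    # -contains is case-insensitive, matching how Windows treats account names.
    $isMember = @(Get-RdpGroupMember) -contains $User

    if ($Action -eq 'Grant') { $flag = '/ADD';    $needed = -not $isMember }
    else                     { $flag = '/DELETE'; $needed = $isMember }

    if ($needed) {
        net localgroup $GroupName $User $flag | Out-Null
        if ($LASTEXITCODE -ne 0) {
            throw "net localgroup $flag failed for '$User' (exit code $LASTEXITCODE)"
        }
    }

    # Return the membership after the change so a caller can log or review it.
    Get-RdpGroupMember
}

# Usage (uncomment to run):
# Set-RdpAccess -User 'jscott' -Action Grant
# Set-RdpAccess -User 'jscott' -Action Revoke
```

Members of the local Administrators group are allowed to log on through Remote Desktop Services by default, so the returned list is not the complete set of accounts with Remote Desktop access.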