How to get access to all Client Desktops from the Active Directory Domain Controller

active-directory, remote desktop, remote-access

I have access to Domain Controller 1 and 2 where "Windows Server 2008 R2 Standard" is running. There are also 10 clients running Windows 7 Professional in the domain, more clients to come.

I would like to have RDP Access from the Domain Controllers to the clients. (Nested RDP sessions are fine because I am already on the DCs using RDP.)

How can this be done using the Domain Tools? I could imagine there is some policy setting that could be applied to all clients. This should include activating RDP on all clients (without having to go to each machine physically) and afterwards have a list of all clients on the domain controller and click on one of them and get an RDP Session (without entering a Password).

I don't need a mirrored session if one already is open on terminal 0, a new clean rdp session is fine.

Sorry for my bad knowledge of AD, I work with other OSes normally but they want me to do this also which I cannot refuse.

Best Answer

To enable Remote Desktop via group policy, you need to:

  1. Enable Remote Desktop,
  2. Create the inbound firewall rule,
  3. (Optionally) Configure the groups allowed to connect.

You can do this by using the following settings:

  1. Computer Configuration > Admin Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Allow users to connect remotely using Remote Desktop Services = Enabled

  2. Computer Configuration > Windows Settings > Security Settings > Windows Firewall with Advanced Security > Windows Firewall with Advanced Security > Inbound Rules
     2a. Right-click -> New Rule...
     2b. Predefined -> Remote Desktop, Next, Next
     2c. Allow the connection, Finish.

  3. Computer Configuration > Windows Settings > Security Settings > Restricted Groups
     3a. Right-click -> Add Group,
     3b. Use the Browse button to find the domain group that has all the users you want to be able to use RDP in it, click OK,
     3c. Click the second Add button (for "This group is a member of:"),
     3d. Type, Remote Desktop Users, then click OK twice to confirm the policy setting.

These are the minimum settings you will need to specify.

Source
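
To confirm on a client that the three settings above actually arrived, and to review who ended up in Remote Desktop Users, the following check can be run there in an elevated prompt after `gpupdate /force`. It is an added example, not part of the original answer; the function name `Get-RdpGpoState` is hypothetical, and it assumes the usual registry locations where these policies are stored and the English group name.

```powershell
# Added verification sketch, written for PowerShell 2.0 (Windows 7 / Server 2008 R2).
function Get-RdpGpoState {
    # Step 1: "Allow users to connect remotely..." = Enabled is stored as
    # fDenyTSConnections = 0 under the Terminal Services policy key.
    $tsKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
    $ts = Get-ItemProperty -Path $tsKey -ErrorAction SilentlyContinue
    $policyOn = ($ts -ne $null) -and ($ts.fDenyTSConnections -eq 0)

    # Step 2: firewall rules delivered by GPO are stored as pipe-delimited
    # strings under this key (assumption: field names as Windows writes them).
    $fwKey = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules'
    $rules = @()
    $fw = Get-Item -Path $fwKey -ErrorAction SilentlyContinue
    if ($fw) {
        foreach ($name in $fw.GetValueNames()) {
            $rule = [string]$fw.GetValue($name)
            # Keep only active inbound allow rules for the RDP port.
            if ($rule -match '\|Action=Allow\|' -and $rule -match '\|Active=TRUE\|' -and
                $rule -match '\|Dir=In\|' -and $rule -match '\|LPort=3389\|') {
                $rules += $name
            }
        }
    }

    # Step 3: members of the local group that Restricted Groups populates.
    # Every account listed here can log on over RDP.
    $members = @()
    $group = [ADSI]"WinNT://$env:COMPUTERNAME/Remote Desktop Users,group"
    foreach ($m in $group.psbase.Invoke('Members')) {
        $members += $m.GetType().InvokeMember('Name', 'GetProperty', $null, $m, $null)
    }

    New-Object PSObject -Property @{
        PolicyAllowsRdp  = $policyOn
        GpoFirewallRules = $rules
        RdpGroupMembers  = $members
    }
}

Get-RdpGpoState | Format-List
```

An empty `GpoFirewallRules` or `PolicyAllowsRdp = False` means the GPO is not linked to, or has not yet refreshed on, that client; an unexpected name in `RdpGroupMembers` means the group chosen in step 3 is broader than intended.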