Allow an AD group to Remote Desktop via GPO.

Let's assume you have created an AD group containing the users you want to allow to RDC into workstations, and that the group is called “AllowRDU”.

This procedure will not remove existing users from the local 'Administrators' group; it will just add to the group.

  1. Open GP Management Editor (RSAT).
  2. Right-click your domain name (mad.caponato.es) and select “Create a GPO in this domain and link it here”.
  3. Name your GPO something relevant, for example “Allow Remote Desktop”, and click OK.
  4. Right-click your new GPO and select 'Edit'.
  5. Browse to Computer Configuration / Policies / Windows Settings / Security Settings / Restricted Groups.
  6. Right-click in the right pane, select 'Add Group…' and Browse (location: mad.caponato.es). Type in your group “AllowRDU”, hit “Check Names” to validate, then OK, and OK again.
  7. In the lower “This group is a member of:” pane, click Add and Browse, select Advanced, change the location to your PC name (top of tree) and click OK, then Find Now, select “Remote Desktop Users”, and click OK 4 times.
  8. Close all other windows.

On the Windows PC, run

gpupdate /force

in a cmd window on the Windows workstation, or else reboot to update.

When you are done, sync Sysvol to the other DCs in order to propagate the changes to all DCs.
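
A check you can run on each DC after the Sysvol sync, added here as an example and not part of the original notes: it parses the [Group Membership] section of the GPO's security template (GptTmpl.inf, under the GPO's Machine/Microsoft/Windows NT/SecEdit folder in Sysvol) and reports whether “Remote Desktop Users” is only added to ("This group is a member of", `__Memberof`) or has its membership replaced ("Members of this group", `__Members`). The function names and the sample SIDs are assumptions made for the example.

```python
import re

RDU_SID = "S-1-5-32-555"  # well-known SID of the builtin "Remote Desktop Users" group

def parse_group_membership(inf_text):
    """Return [(principal, kind, [values])] from the [Group Membership] section."""
    entries, in_section = [], False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[group membership]"
            continue
        if not in_section or "=" not in line:
            continue
        key, _, value = line.partition("=")
        m = re.fullmatch(r"\*?(.+?)__(Memberof|Members)", key.strip(), re.IGNORECASE)
        if not m:
            continue
        values = [v.strip().lstrip("*") for v in value.split(",") if v.strip()]
        entries.append((m.group(1), m.group(2).lower(), values))
    return entries

def audit(inf_text, target=RDU_SID):
    """Classify how the template changes the membership of `target`."""
    result = {"added": [], "replaced_with": None}
    for principal, kind, values in parse_group_membership(inf_text):
        if kind == "memberof" and target in values:
            result["added"].append(principal)   # additive: existing members stay
        elif kind == "members" and principal == target and values:
            result["replaced_with"] = values    # authoritative: others are removed
    return result

# Constructed samples; the domain SID and RID stand in for the AllowRDU group.
ALLOW_RDU = "S-1-5-21-1111111111-2222222222-3333333333-1105"
ADDITIVE = f"""[Unicode]
Unicode=yes
[Group Membership]
*{ALLOW_RDU}__Memberof = *{RDU_SID}
*{ALLOW_RDU}__Members =
"""
REPLACING = f"""[Group Membership]
*{RDU_SID}__Members = *{ALLOW_RDU}
*{RDU_SID}__Memberof =
"""

if __name__ == "__main__":
    print(audit(ADDITIVE))   # the form the procedure above produces
    print(audit(REPLACING))  # the form that would evict existing members
```

A real GptTmpl.inf is typically UTF-16 encoded, so read it with `open(path, encoding="utf-16")` before passing the text to `audit()`.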


samba/allow-remote-desktop.txt · Last modified: 2024/04/09 11:56 by caponato