To be able to connect to a remote desktop, users must belong to the local Remote Desktop Users group of the remote desktop. You can use the Restricted Groups policy in Active Directory to add users or groups to the local Remote Desktop Users group of every remote desktop that is joined to your domain.
The Restricted Groups policy sets the local group membership of computers in the domain to match the membership list defined in the policy. The members of your remote desktop users group are always added to the local Remote Desktop Users group of every remote desktop that is joined to your domain. When you add new users, you need only add them to your remote desktop users group.
Create a group for remote desktop users in your domain in Active Directory.
- On the Active Directory server, navigate to the Group Policy Management plug-in.
Navigation path by AD version:
Windows 2003:
- Select .
- Right-click your domain and click Properties.
- On the Group Policy tab, click Open to open the Group Policy Management plug-in.
- Right-click Default Domain Policy, and click Edit.
- Select .
- Expand your domain, right-click Default Domain Policy, and click Edit.
- Expand the Computer Configuration section and open Windows Settings\Security Settings.
- Right-click Restricted Groups, select Add Group, and add the Remote Desktop Users group.
- Right-click the new restricted Remote Desktop Users group and add your remote desktop users group to the group membership list.
- Click OK to save your changes.
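To confirm on a remote desktop that the policy has taken effect, the following PowerShell check lists the local Remote Desktop Users group and flags any member other than your domain group. It is an added example, not part of the original procedure; the group name `EXAMPLE\RemoteDesktopUsers` is a hypothetical placeholder for the group you created.

```powershell
# Added example: run in an elevated PowerShell session on a domain-joined remote desktop.
param(
    # Hypothetical placeholder: replace with your own DOMAIN\group name.
    [string]$ExpectedGroup = 'EXAMPLE\RemoteDesktopUsers'
)

# Refresh computer policy so the Restricted Groups setting is applied before checking.
gpupdate /target:computer | Out-Null

# S-1-5-32-555 is the well-known SID of the built-in Remote Desktop Users group.
# Using the SID avoids depending on the localized group name.
try {
    $members = @(Get-LocalGroupMember -SID 'S-1-5-32-555' -ErrorAction Stop)
}
catch {
    # Enumeration can fail, for example when the group holds an unresolvable (orphaned) SID.
    Write-Error "Could not enumerate Remote Desktop Users: $($_.Exception.Message)"
    exit 2
}

# -eq / -ne on strings are case-insensitive in PowerShell.
$expected   = @($members | Where-Object { $_.Name -eq $ExpectedGroup })
$unexpected = @($members | Where-Object { $_.Name -ne $ExpectedGroup })

$drift = $false

if ($expected.Count -eq 0) {
    Write-Warning "Expected group '$ExpectedGroup' is not a member; the policy has not applied."
    $drift = $true
}

foreach ($m in $unexpected) {
    # Anything listed here is not in the Restricted Groups membership list.
    Write-Warning ("Unexpected member: {0} ({1}, source: {2})" -f $m.Name, $m.ObjectClass, $m.PrincipalSource)
    $drift = $true
}

if ($drift) { exit 1 }

Write-Output "Remote Desktop Users contains only '$ExpectedGroup'."
exit 0
```

The script exits with 0 when membership matches, 1 on drift, and 2 when the group cannot be enumerated, so it can be used from a scheduled compliance check.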