To be able to connect to a remote desktop, users must belong to the local Remote Desktop Users group of the remote desktop. You can use the Restricted Groups policy in Active Directory to add users or groups to the local Remote Desktop Users group of every remote desktop that is joined to your domain.

The Restricted Groups policy sets the local group membership of computers in the domain to match the membership list settings defined in the Restricted Groups policy. The members of your remote desktop users group are always added to the local Remote Desktop Users group of every remote desktop that is joined to your domain. When adding new users, you need only add them to your remote desktop users group.

These steps apply to the Active Directory server on the domain on which Horizon 7 virtual desktops or published desktops and applications are joined.

Prerequisites

Create a group for remote desktop users in your domain in Active Directory. For example, create a group named "Horizon Users".

Procedure

  1. On the Active Directory server, navigate to the Group Policy Management plug-in.
    AD Version Navigation Path
    Windows 2003
    1. Select Start > All Programs > Administrative Tools > Active Directory Users and Computers.
    2. Right-click your domain and click Properties.
    3. On the Group Policy tab, click Open to open the Group Policy Management plug-in.
    4. Right-click Default Domain Policy, and click Edit.
    Windows 2008
    1. Select Start > Administrative Tools > Group Policy Management.
    2. Expand your domain, right-click Default Domain Policy, and click Edit.
    Windows 2012R2
    1. Select Start > Administrative Tools > Group Policy Management.
    2. Expand your domain, right-click Default Domain Policy, and click Edit.
    Windows 2016
    1. Select Start > Administrative Tools > Group Policy Management.
    2. Expand your domain, right-click Default Domain Policy, and click Edit.
  2. Expand the Computer Configuration section and open Windows Settings\Security Settings.
  3. Right-click Restricted Groups, select Add Group, and add the Remote Desktop Users group.
  4. Right-click the group and add your new remote desktop users group to the group membership list.
    For example, add "Horizon Users" to Remote Desktop Users.
  5. Click OK to save your changes.