To be able to connect to a remote desktop, users must belong to the local Remote Desktop Users group of the remote desktop. You can use the Restricted Groups policy in Active Directory to add users or groups to the local Remote Desktop Users group of every remote desktop that is joined to your domain.

About this task

The Restricted Groups policy sets the local group membership of computers in the domain to match the membership list settings defined in the Restricted Groups policy. The members of your remote desktop users group are always added to the local Remote Desktop Users group of every remote desktop that is joined to your domain. When adding new users, you need only add them to your remote desktop users group.

Prerequisites

Create a group for remote desktop users in your domain in Active Directory.

Procedure

  1. On the Active Directory server, navigate to the Group Policy Management plug-in.

    AD Version

    Navigation Path

    Windows 2003

    1. Select Start > All Programs > Administrative Tools > Active Directory Users and Computers.

    2. Right-click your domain and click Properties.

    3. On the Group Policy tab, click Open to open the Group Policy Management plug-in.

    4. Right-click Default Domain Policy, and click Edit.

    Windows 2008

    1. Select Start > Administrative Tools > Group Policy Management.

    2. Expand your domain, right-click Default Domain Policy, and click Edit.

    Windows 2012R2

    1. Select Start > Administrative Tools > Group Policy Management.

    2. Expand your domain, right-click Default Domain Policy, and click Edit.

    Windows 2016

    1. Select Start > Administrative Tools > Group Policy Management.

    2. Expand your domain, right-click Default Domain Policy, and click Edit.

  2. Expand the Computer Configuration section and open Windows Settings\Security Settings.
  3. Right-click Restricted Groups, select Add Group, and add the Remote Desktop Users group.
  4. Right-click the new restricted Remote Desktop Users group and add your remote desktop users group to the group membership list.
  5. Click OK to save your changes.