To be able to connect to a remote desktop, users must belong to the local Remote Desktop Users group of the remote desktop. You can use the Restricted Groups policy in Active Directory to add users or groups to the local Remote Desktop Users group of every remote desktop that is joined to your domain.

The Restricted Groups policy sets the local group membership of computers in the domain to match the membership list settings defined in the Restricted Groups policy. The members of your remote desktop users group are always added to the local Remote Desktop Users group of every remote desktop that is joined to your domain. When adding new users, you need only add them to your remote desktop users group.

These steps apply to the Active Directory server on the domain on which VMware Horizon virtual desktops or published desktops and applications are joined.

Prerequisites

Create a group for remote desktop users in your domain in Active Directory. For example, create a group named "Horizon Users".

Procedure

  1. On the Active Directory server, navigate to the Group Policy Management plug-in and complete the following steps:
    1. Select Start > Administrative Tools > Group Policy Management.
    2. Expand your domain, right-click Default Domain Policy, and click Edit.
  2. Expand the Computer Configuration section and open Windows Settings\Security Settings.
  3. Right-click Restricted Groups, select Add Group, and add the Remote Desktop Users group.
  4. Right-click the group and add your new remote desktop users group to the group membership list.
    For example, add "Horizon Users" to Remote Desktop Users.
  5. Click OK to save your changes.