I am pretty new to designing Active Directory domains and using GPO to make settings ont he local machine. However, I have been set a task and am struggling.
I have a Server 2019 virtual instance Domain Controller and two virtual Windows 10 instances running on ESXi 7.0, lets call them machines A and B, joined to the domain.
I have three users X, Y and Z.
User X needs to be allowed to access either machine A or machine B.
User Y should only be allowed to access machine A, User Z should only be allowed to access machine B
I have created OU's nested so that there is a top OU, and inside that two more OU's A and B. Inside OU A I have put machine A and a security group AUsers. Inside OU B I have put machine B and security group BUsers. I have added User X to both security groups, User Y to AUsers and User Z BUsers. I have added these security groups to the local machines 'Remote Desktop Users' group.
However I am getting errors stating that users do not have remote desktop permission when I try to connect using a Remote Desktop Connection form a third non-domain joined machine.
Do I need to add these security groups to the Domain Remote Desktop Users group? Or should I add the specific users?
I have seen instructions regarding the need to create a GPO that adds the AUsers group to the Restricted Groups but I'm really not sure I understand what Restricted Groups are - if anyone can point to some resources, I've been googling it with a lot of confusing info found... Any pointers to great resources or training would be very greatfully received also!
