Windows 2012 & Remote Desktop Users group

Question

On Windows Server 2012, it seems that, by default, only users in the Administrators group are permitted to log on remotely to a Windows 2012 server.

How can I use PowerShell to allow users who are in the "Remote Desktop Users" group (but not in the Administrators group) to log in remotely?

They are in the "Remote Desktop Users" group on the server and still cannot remote in? — TheCleaner, Jun 07 '13 at 20:13
Yes, they are in the Remote Desktop Users group and they still cannot log in. The machine I was running on happens to be a domain controller, could it have different rules? — Lorin Hochstein, Jun 07 '13 at 20:16

score 2 · Accepted Answer · answered Jun 07 '13 at 20:25

2

Yes...a DC will have different rules (even on a 2008/2003.

You'll first need to set this:

http://technet.microsoft.com/en-us/library/cc785165%28WS.10%29.aspx

Then:

You'll need to change the Domain Controller policy setting as well:

RDP - Allow log on through Terminal Services

This security setting determines which users or groups have permission to log on as a Terminal Services client. By default, on domain controllers only Administrators have permission.

But you also shouldn't be allowing non-admins access to a domain controller...but you can determine your level of risk here...

answered Jun 07 '13 at 20:25

TheCleaner

32,627
26
132
191

1

This is just a test environment in a lab, not production. – Lorin Hochstein Jun 07 '13 at 20:30
Understood...should work once you go through the settings I listed. – TheCleaner Jun 07 '13 at 20:32

Windows 2012 & Remote Desktop Users group

1 Answers1