In this tutorial, we will see how to configure who can connect to the computer using Remote Desktop.
This tutorial does not apply to RDS deployment, where this configuration is done at the collection level.
This tutorial applies to computers and servers where the remote desktop is configured for takeover.
There are several methods to configure who can connect, in this tutorial we will see two methods. By default, members of the Administrators and Remote Desktop Users group are allowed to connect.
Add users to Administrators or Remote Desktop Users groups
Adding a user or group to the Administrators group gives, in addition to remote desktop access rights, administrative rights on the computer or the server.
Open the Computer Management console, right click on the start menu button 1 and click on Computer Management 2.
Go to Groups 1 which is in System Tools / Local Users and Groups.
Double click on the group 1 to modify to open it.
Click on the Add 1 button.
Select the user or group 1 to add and click OK 2.
Validate the addition of the object 1 to the group by clicking on Apply 2 and OK 3.
The Domain Users group has been added to the Remote Desktop User group.
Allow remote desktop connection through security settings
In the first part, we saw how to give access to the remote desktop using one of the two predefined groups. In this part, we are going to have how to add a group authorize to log on by remote desktop services by passing the security settings.
The configuration is done using the Local Group Policy Editor or can be configured by GPO in an Active Directory environment.
Open a Run window (Windows + R), in Open enter gpedit.msc and click OK 2 to open the Local Group Policy Editor console.
Open Allow log on through Remote Desktop Services 1 setting by double clicking in Computer Configuration / Windows Settings / Security Settings / Local Policies / Assigning User Rights.
Click the Add user or group … 1 button.
Select the object (User or group) 1 and click OK 2.
Validate the configuration by clicking on Apply 1 and OK 2.
The object has been added to the 1 parameter.
Members of the Domain Users group can now log on to Remote Desktop on the computer.
The two methods above achieve the same result by allowing the Domain Users group to log on to the remote desktop on the computer.
The tutorial screenshots are on Windows 10, the handling is identical with Windows Server.