
By default, only members of the Domain Admins group have remote RDP access to the desktop of Active Directory domain controllers.

Display the members of the domain group Remote Desktop Users on the domain controller using the command:

net localgroup "Remote Desktop Users"

Add a domain user to it:

net localgroup "Remote Desktop Users" /add domain\username

Then allow the group to log on through Remote Desktop Services:

  1. Launch the Local Group Policy Editor (gpedit.msc);
  2. Go to the GPO section Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> User Rights Assignment;
  3. Find the policy Allow log on through Remote Desktop Services;
  4. Edit the policy and add the domain group Remote Desktop Users (in the form domainname\Remote Desktop Users), or add a domain user or another group (for example, domain\CA_Server_Admins) directly;
  5. Update the Local Group Policy settings on the DC using the command: gpupdate /force
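
To confirm the result after gpupdate /force, the following added example (not part of the original page) lists which accounts hold the Allow log on through Remote Desktop Services right on the DC, alongside the members of Remote Desktop Users. The function name Get-RdpLogonRightHolders is hypothetical; SeRemoteInteractiveLogonRight is the internal name of that user right, and the script assumes an elevated PowerShell session on the domain controller.

```powershell
# Added example: audit who can log on to this DC over RDP after the change.
# Run in an elevated PowerShell session on the domain controller.

function Get-RdpLogonRightHolders {   # hypothetical helper name
    # Export only the user-rights section of the local security policy.
    $cfg = Join-Path $env:TEMP ("user_rights_{0}.inf" -f [guid]::NewGuid())
    try {
        secedit /export /areas USER_RIGHTS /cfg $cfg | Out-Null
        $line = Get-Content -Path $cfg |
            Where-Object { $_ -match '^\s*SeRemoteInteractiveLogonRight\s*=' } |
            Select-Object -First 1
        if (-not $line) { return }    # the right is assigned to nobody

        # The value is a comma-separated list; SIDs are prefixed with '*'.
        foreach ($entry in ($line -split '=', 2)[1].Split(',')) {
            $entry = $entry.Trim()
            if (-not $entry) { continue }
            if ($entry.StartsWith('*')) {
                $sid = $entry.TrimStart('*')
                try {
                    # Resolve the SID to DOMAIN\name for readability.
                    $name = ([System.Security.Principal.SecurityIdentifier]$sid).Translate(
                        [System.Security.Principal.NTAccount]).Value
                } catch {
                    $name = '<unresolved SID>'   # deleted or unreachable account
                }
                [pscustomobject]@{ Sid = $sid; Account = $name }
            } else {
                # Entries without '*' are already account names.
                [pscustomobject]@{ Sid = $null; Account = $entry }
            }
        }
    } finally {
        # The export contains policy details; do not leave it in TEMP.
        Remove-Item -Path $cfg -ErrorAction SilentlyContinue
    }
}

'--- Allow log on through Remote Desktop Services ---'
Get-RdpLogonRightHolders | Format-Table -AutoSize

'--- Members of Remote Desktop Users ---'
net localgroup "Remote Desktop Users"
```

An account can open an RDP session on the DC only if it appears in the first list, directly or through a listed group, so both outputs should contain exactly the accounts you intended to delegate and nothing else.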