remote desktop builtin group

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Hi all,

this may seem a little basic but im trying to find out exactly what adding users to the builtin remote desktop user group does. In my little environment 1 dc, 1 ts server, 1 member server and 1 xp pro, it doesnt seem to do very much. I cant log any user added to that group to any of the above without adding them to the local rdug.

Sorry for being a spazz but I cant see the point of it at the moment?!

 

Yes but I would have thought that adding the user to the remote desktop builtin group would have been enough. just to confuse me even more if I add the user only to the domain members local rdug and not put the user in the builtin group then you can still logon quite happily to it?

 

As I understand it, you need to be a member of the local RDU group on any machine you wish to log into via terminal services (or remote desktop as I believe its called these days - pretty sure they are the same thing). If you arent a member, you cant use terminal services to log in.

Not necessarily so vital if you are using VNC or something similar on your network really.

 

never mind. realised the error of my ways - you were asking about the domain builtin remote desktop group. oops

 

No thats true, but then what is the point of the remote desktop builtin group in ADUC, is it just a hangover from something as i really cant get it to do anything in my set up without adding users into the local machines remote desktop group (the one I want to logon too!

 

It looks like its not attached to anything by default. This is, I assume, to allow you to manually decide which of your servers people are allowed to remote desktop onto. So what you need to do is set up TS, and add the domain RDU group to the permissions for each server you want it to work with.

Alternatively (in a complex environment), you could set up groups for specific servers/groups of servers and give each of them RD access to the target servers.

 

or maybe not:

http://www.windowsdevcenter.com/pub/a/windows/2004/10/05/Remote_Desktop.html

snap Sparky.

 

thanks for the linky guys, its still not working how it says in the link if I add a user to the builtin remote desktop users group and try to logon to my DC I just get the you must have terminal services right/remote desktop error message, and not the "you cant logon interactively".

Oh well I think I'll take my books into work in the morning and see what they all have to say about it.