By default, only the administration group has access to remote desktop into a computer. We needed to add the ability for teachers and administrators to be able to remote back to their desktop machine if needed, so we just added the domain users as a restricted group for remote desktop.
We used the following to add the “domain users” group to the have access to remote desktop. This is not a secure way of doing this since it allows all users to have access to remote desktop; however, if a users is in the process of working on the machine, they will be prompted now to allow for a new remote session.
If you need to specify the users (or groups) that can REMOTE DESKTOP (RDP) to a PC and you want to do this with Group Policy, you are in the right place:
- In Group Policy Management Console (GPMC.MSC) select Computer Configuration\Windows Settings\Security Settings\Restricted Groups\
- Right-click Restricted Groups and then click Add Group.
- Click the Browse button, type Remote and click the Check Names and you should see REMOTE DESKTOP USERS come up.
- Click OK in the Add Groups dialog.
- Click Add beside the MEMBERS OF THIS GROUP box then click Browse.
- Type the name of the domain group, then click the Check Names button, then click OK to close this box.
- Click OK to close this box which will complete the addition of the domain group to the Remote Desktop Users group.
- Go to your PC and in an elevated command prompt type GPUPDATE /FORCE to refresh the GPolicy on your PC
- Verify that the group has been added to under the SELECT USERS button on the REMOTE tab of the PC’s SYSTEM PROPERTIES.