Options

Please clarify RDP

jonlad11jonlad11 Member Posts: 7 ■□□□□□□□□□
in Server 70-290
Hi there, could someone please clarify this point of RDP, i have seen conflicting information from transcender/MSPress and Sybex.

On member servers, adding to the remote desktop group also adds the right to logon terminal servers.
But on Domain Controllers, the right to logon terminal servers must added manually to the remote desktop group.

is this right? if not, could one of you enlightened people please shed some light on this?

cheers one and all
· Share on FacebookShare on Twitter

Comments

  • Options
    EverlifeEverlife Member Posts: 253 ■■■□□□□□□□
    Hi Jon,

    Here's how I understand it:

    Member Servers: Once RD is enabled, by default, the Administrators group and Remote Desktop Users group have the right to logon through terminal services. When you add a user to the Remote Desktop Users group, he/she is inheriting the right.

    Domain Controllers: Once RD is enabled, by default, only members of the Administrators group have the right to logon through terminal services. Remember, there isn't a local security database for a domain controller so no local Remote Desktop Users group exists for the DC. You would have to manually create the group in Active Directory then grant that group the right to logon through terminal services in the Default Domain Controllers Policy which you would edit through Active Directory.

    If you checked your User Rights section of the policies you would see the following:

    Member Server - Allow Logon Through Terminal Services: Administrators, Remote Desktop Users
    Domain Controllers - Allow Logon Through Terminal Services: Administrators

    I hope that clears that up. If I'm mistaken on anything, I'm sure one of the real experts will catch it, but I'm pretty sure I'm right about it.
    · Share on FacebookShare on Twitter
Sign In or Register to comment.