How to add Domain users to local Remote Desktop Users from Group Policy

Hello All,

Today we will see how to add Domain Users to local Remote Desktop User Group on the machines that you would like from Group Policy.

For demonstration purposes, I will be applying this GPO on the domain. You could apply this to any OU that you like as per your requirement. The settings will remain the same, only the computers that come under the scope of that OU will be affected.

Remember that we want to add this Users to all the machines that this GPO will apply to. Therefore we will first create a security group called RemoteUsers and the users to this group. The reason we will be doing this because if in future other users require similar access, then you can just add them to this group instead of making changes to the GPO.

Creating the GPO

Assuming that we have everything in place, lets open the Group Policy Management console from Administrative Tools.

Right click on the domain and select Create a GPO in this domain, and link it here. Provide the name of the GPO as Remote Desktop Users Policy and click OK.

Configuring the GPO

Now right click the newly created GPO and click on Edit. The Group Policy Editor opens up.

Since we are trying make changes to a computer, we need make the settings on the Computer Configuration.

Expand Computer Configuration > Policies > Windows Settings > Security Settings > Restricted Groups.

Again right click on the Restricted Groups and select Add Group. Type Remote Desktop Users in the pop up window, be sure not click on the Browse button as that will take you to the Local Remote Desktop Users group of that machine alone. Remember, we need to give access to all the computers in the domain.

This will open up the Properties of the Remote Desktop Users group that we just created. You will now need to add the RemoteUsers group in the Members of this group section. Note that this will remove any users that is already present in the Remote Desktop Users group on the local machines.

If you just want to modify the members, then use the second option which is This group is a member of.

Once you click on Add, search for the RemoteUsers group and click on OK.

This will make sure that RemoteUsers is part of the Remote Desktop Users group on every computer in the domain.

That's it! The GPO is configured. Now you will need to test the changes on the client machine that the GPO was applied to. Log in to any one of the machines, open Command Prompt and type gpupdate /force or you could wait until the Group Policy refresh.