Enable Remote Access for Domain Users

Configure Local Group Settings

  1. Open Group Policy Management.
  2. Expand your domain node to locate the Default Domain Policy.
  3. Right-click on Default Domain Policy and select Edit.
  4. Navigate to:
    • User Configuration > Preferences > Control Panel Settings > Local Users and Groups.
    • Click the + icon or right-click in the right pane and select New > Local Group.
  5. Set Up the Local Group:
    • Group Name: Select Remote Desktop Users (built-in) from the dropdown list.
    • Check both Delete all member users and Delete all member groups.
    • Click Add.
    • Search for the Domain Users security group in Active Directory, select it, and click OK.
  6. Go to the Common tab.
    • Check the Item-level targeting option.
    • Click the Targeting button to configure targeting settings.
    • In the Targeting Editor, click New Item and select Domain.
    • Click the button next to NetBIOS domain name, select your domain from the list and click OK.
  7. Click OK to close the Targeting Editor, then OK again to close the Local Group Properties window.
  8. Navigate to:
    • Computer Configuration > Policies > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connections.
    • Enable the policy Allow users to connect remotely by using Remote Desktop Services.

Configure Remote Desktop Services Settings

  1. Navigate to:
    • Computer Configuration > Policies > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security.
    • Enable the policy Require user authentication for remote connections by using Network Level Authentication.

Configure Windows Firewall Rules

  1. Navigate to:
    • Computer Configuration > Windows Settings > Security Settings > Windows Defender Firewall with Advanced Security > Inbound Rules.
    • Right-click on Inbound Rules and select New Rule.
    • Choose Predefined and select Remote Desktop, then click Next.
    • Ensure all related rules are checked and click Next.
    • Select Allow the connection and click Finish.

Add a User to the Remote Desktop Users Group

  1. Open Active Directory Users and Computers.
  2. Navigate to the Domain Users OU.
  3. Right-click on the user account and select Add to a group.
  4. Type Remote Desktop Users.
  5. Click Check Names to validate the group name.
  6. Click OK to add the user to the Remote Desktop Users group.

Verify Remote Access Configuration

  1. Use a domain account to log in to a computer that is connected to your domain.
  2. On the Hyper-V menu, click View and select Enhanced Session.
  3. Try logging in to the remote computer with your domain credentials.
  4. If you are able to log in successfully and access the remote desktop, the configuration has been applied correctly.
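
A login test only shows that one account works. The following added example (not part of the original page) checks on the target computer that each setting from the steps above actually arrived: the two policy registry values, the local group membership, and the inbound firewall rules. The function name Test-RdpPolicyState is hypothetical; it assumes Windows PowerShell 5.1, an elevated session, an English display language, and that gpupdate /force has already run.

```powershell
# Added example: run elevated on a domain-joined target after 'gpupdate /force'.
# Test-RdpPolicyState is a hypothetical name, not a built-in cmdlet.
function Test-RdpPolicyState {
    # Both Remote Desktop Services policies from the steps above write here.
    $tsKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
    $ts = Get-ItemProperty -Path $tsKey -ErrorAction SilentlyContinue

    # Members that the Local Group preference item placed in the built-in group.
    $members = @(Get-LocalGroupMember -Group 'Remote Desktop Users' -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty Name)

    # ActiveStore = rules currently in effect, including those delivered by GPO.
    # 'Remote Desktop' is the display group name on an English system (assumption).
    $rules = @(Get-NetFirewallRule -PolicyStore ActiveStore -DisplayGroup 'Remote Desktop' `
            -ErrorAction SilentlyContinue |
        Where-Object { $_.Direction -eq 'Inbound' })
    $allowed = @($rules | Where-Object { $_.Enabled -eq 'True' -and $_.Action -eq 'Allow' })

    [pscustomobject]@{
        Computer            = $env:COMPUTERNAME
        # fDenyTSConnections = 0 means "Allow users to connect remotely" is enabled.
        RdpAllowedByPolicy  = ($ts.fDenyTSConnections -eq 0)
        # UserAuthentication = 1 means Network Level Authentication is required.
        NlaRequiredByPolicy = ($ts.UserAuthentication -eq 1)
        RemoteDesktopUsers  = $members
        # True when the whole Domain Users group holds RDP logon rights here.
        DomainUsersIsMember = [bool]($members -like '*\Domain Users')
        InboundAllowRules   = @($allowed | Select-Object -ExpandProperty DisplayName)
    }
}

Test-RdpPolicyState | Format-List
```

If RdpAllowedByPolicy or NlaRequiredByPolicy is False, the computer policy has not applied to this machine; an empty InboundAllowRules list means the predefined Remote Desktop firewall rules are not active.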
Author: admin
