Forum Discussion

HungryMoo's avatar
HungryMoo
Copper Contributor
Aug 14, 2023

How to enable Remote Desktop on to Domain Controllers for non admins

Hello,  Our cyber team needs remote desktop access to our domain controllers for read purposes. They're part of the built-in "remote desktop users" group, but that doesn't give them RDP access. I th...
Active Directory
management
security
windows server
MathieuVandenHautte's avatar
MathieuVandenHautte
Iron Contributor
Aug 15, 2023

Hi HungryMoo,

I advice:
- only allowing domain administrators logging in to domain controllers
- prevent using Remote Desktop to interactively manage domain controllers
- never using the Remote Desktop Users group (in general: never use built-in groups)

- implementing a secure administrative "jump server" architecture

  • HungryMoo's avatar
    HungryMoo
    Copper Contributor
    Aug 15, 2023
    Thanks Mathieu,
    "never using the Remote Desktop Users group (in general: never use built-in groups)" - the group is empty by default. The obvious question being, if they're never intended for use, why have them in the first place?

Resources