Forum Discussion
RDC Access to one PC in domain
I work remotely a fair bit and would like to just connect via RDC to my office PC. If I am part of the Domain Admins group, this works fine. But I am setting up a less privileged account to access the domain and I cannot get access via this less-privileged name (account). I added the account to the domain's "Remote Desktop Users" group which I understand is automatically a part of the local PC's Remote Desktop Users group.
I have read various articles and some suggest a GPO setting but GPO settings are applied to an OU and my PC is in the Domain Computers OU and so I don't want to add a GPO to everyone else's PC. I could take my PC out of the Domain Computers OU but then I wonder what the impact of that would be (other than obviously it would not get any GPO settings on that OU - which I could fix).
Can someone run through the things I need to set so that I can RDC into my PC with a less privileged account.
Thanks.
Hello Albert.
if it is just the one pc, it might be easier for you to just add the non-privileged account to the local remote desktop users on your office pc rather than using GPO which could affect all computers the GPO is linked to.
Also, I was wondering are you only doing this via VPN, or have you opened ports straight to this computer on the firewall. I am just thinking of security is all.
Hope this helps and if you need any further information happy to help in any way I can.
Thanks
Richard
Hi Richard,
Right now, it is just the one PC so I will probably just add it manually, locally to that PC; but I need to discuss with the other 2 admins whether we should not be "formalizing" this and doing it via a GPO for consistency. And yes, I access first via a VPN and then jump to the PC I need.
Thanks,
Albert
Sounds good! I would formalise and document it if you are going to start doing this more.
I added the account to the domain's "Remote Desktop Users" group which I understand is automatically a part of the local PC's Remote Desktop Users group.
I don't think that's all there is to it. You can follow along here to complete the steps.
www.vkernel.ro/blog/add-domain-users-to-local-remote-desktop-users-group-using-group-policy
Thanks Dave....I will take a look.
Albert
Sounds good, you're welcome.
