
RDC Access to one PC in domain


I work remotely a fair bit and would like to just connect via RDC to my office PC.  If I am part of the Domain Admins group, this works fine.  But I am setting up a less privileged account to access the domain and I cannot get access via this less-privileged name (account).  I added the account to the domain's "Remote Desktop Users" group which I understand is automatically a part of the local PC's Remote Desktop Users group.

 

I have read various articles and some suggest a GPO setting but GPO settings are applied to an OU and my PC is in the Domain Computers OU and so I don't want to add a GPO to everyone else's PC.  I could take my PC out of the Domain Computers OU but then I wonder what the impact of that would be (other than obviously it would not get any GPO settings on that OU - which I could fix).

 

Can someone run through the things I need to set so that I can RDC into my PC with a less privileged account.

 

Thanks.

6 Replies

I added the account to the domain's "Remote Desktop Users" group which I understand is automatically a part of the local PC's Remote Desktop Users group.

 

I don't think that's all there is to it. You can follow along here to complete the steps.

www.vkernel.ro/blog/add-domain-users-to-local-remote-desktop-users-group-using-group-policy

 

 

 

Hello Albert.

 

If it is just the one PC, it might be easier for you to just add the non-privileged account to the local Remote Desktop Users on your office PC rather than using GPO, which could affect all computers the GPO is linked to.

 

Also, I was wondering: are you only doing this via VPN, or have you opened ports straight to this computer on the firewall? I am just thinking of security, is all.

 

Hope this helps and if you need any further information happy to help in any way I can.

 

Thanks

 

Richard
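Added example, not part of the replies in this thread: one way to do the single-PC approach suggested above from an elevated PowerShell session on the office PC, and then check the RDP exposure the reply asks about. The account name `CONTOSO\albert-std` is a hypothetical placeholder, and the firewall display group name assumes an English-language Windows install.

```powershell
# Run elevated on the office PC itself (not on a domain controller).
# 'CONTOSO\albert-std' is a hypothetical placeholder for the less-privileged domain account.
$Account = 'CONTOSO\albert-std'
$Group   = 'Remote Desktop Users'

# 1. Add the domain account to this PC's LOCAL group (no GPO, no OU change).
#    Skip the add if the account is already a member so the script can be re-run.
$members = Get-LocalGroupMember -Group $Group -ErrorAction Stop
if ($members.Name -notcontains $Account) {
    Add-LocalGroupMember -Group $Group -Member $Account -ErrorAction Stop
}

# 2. List everyone who can log on over RDP through this group, so that
#    unexpected or stale entries are visible and can be documented.
Get-LocalGroupMember -Group $Group |
    Select-Object Name, ObjectClass, PrincipalSource

# 3. Confirm Remote Desktop is enabled on this PC (fDenyTSConnections = 0 means allowed).
$ts = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
"RDP connections allowed: $($ts.fDenyTSConnections -eq 0)"

# 4. Confirm Network Level Authentication is required (UserAuthentication = 1 means required).
$rdpTcp = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
"NLA required: $($rdpTcp.UserAuthentication -eq 1)"

# 5. Show which firewall profiles accept inbound RDP. For VPN-only access,
#    the enabled rules should not include the Public profile.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
    Where-Object Enabled -eq 'True' |
    Select-Object DisplayName, Profile, Direction, Action
```

If logon is still refused after step 1, compare the members listed in step 2 with the accounts and groups granted the "Allow log on through Remote Desktop Services" user right in the PC's local security policy.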

Thanks Dave....I will take a look.

Albert

Hi Richard,

 

Right now, it is just the one PC so I will probably just add it manually, locally to that PC; but I need to discuss with the other 2 admins whether we should not be "formalizing" this and doing it via a GPO for consistency.  And yes, I access first via a VPN and then jump to the PC I need.

Thanks,

Albert

Sounds good, you're welcome.

 

 

Sounds good! I would formalise and document it if you are going to start doing this more.