Home

RDC Access to one PC in domain

Albert Gostick
New Contributor

I work remotely a fair bit and would like to just connect via RDC to my office PC.  If I am part of the Domain Admins group, this works fine.  But I am setting up a less privileged account to access the domain and I cannot get access via this less-privileged name (account).  I added the account to the domain's "Remote Desktop Users" group which I understand is automatically a part of the local PC's Remote Desktop Users group.

 

I have read various articles and some suggest a GPO setting but GPO settings are applied to an OU and my PC is in the Domain Computers OU and so I don't want to add a GPO to everyone else's PC.  I could take my PC out of the Domain Computers OU but then I wonder what the impact of that would be (other than obviously it would not get any GPO settings on that OU - which I could fix).

 

Can someone run through the things I need to set so that I can RDC into my PC with a less privileged account.

 

Thanks.

6 Replies

I added the account to the domain's "Remote Desktop Users" group which I understand is automatically a part of the local PC's Remote Desktop Users group.

 

I don't think that's all there is to it. You can follow along here to complete the steps.

www.vkernel.ro/blog/add-domain-users-to-local-remote-desktop-users-group-using-group-policy

 

 

 

Hello Albert.

 

if it is just the one pc, it might be easier for you to just add the non-privileged account to the local remote desktop users on your office pc rather than using GPO which could affect all computers the GPO is linked to. 

 

Also, I was wondering are you only doing this via VPN, or have you opened ports straight to this computer on the firewall. I am just thinking of security is all.

 

Hope this helps and if you need any further information happy to help in any way I can.

 

Thanks

 

Richard

Thanks Dave....I will take a look.

Albert

Hi Richard,

 

Right now, it is just the one PC so I will probably just add it manually, locally to that PC; but I need to discuss with the other 2 admins whether we should not be "formalizing" this and doing it via a GPO for consistency.  And yes, I access first via a VPN and then jump to the PC I need.

Thanks,

Albert

Sounds good, you're welcome.

 

 

Sounds good! I would formalise and document it if you are going to start doing this more. 

Related Conversations
Tabs and Dark Mode
cjc2112 in Discussions on
35 Replies
Extentions Synchronization
Deleted in Discussions on
3 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
9 Replies