01-26-2018 09:26 AM
01-26-2018 09:26 AM
I work remotely a fair bit and would like to just connect via RDC to my office PC. If I am part of the Domain Admins group, this works fine. But I am setting up a less privileged account to access the domain and I cannot get access via this less-privileged name (account). I added the account to the domain's "Remote Desktop Users" group which I understand is automatically a part of the local PC's Remote Desktop Users group.
I have read various articles and some suggest a GPO setting but GPO settings are applied to an OU and my PC is in the Domain Computers OU and so I don't want to add a GPO to everyone else's PC. I could take my PC out of the Domain Computers OU but then I wonder what the impact of that would be (other than obviously it would not get any GPO settings on that OU - which I could fix).
Can someone run through the things I need to set so that I can RDC into my PC with a less privileged account.
01-26-2018 04:35 PM
I added the account to the domain's "Remote Desktop Users" group which I understand is automatically a part of the local PC's Remote Desktop Users group.
I don't think that's all there is to it. You can follow along here to complete the steps.
01-27-2018 03:20 AM
if it is just the one pc, it might be easier for you to just add the non-privileged account to the local remote desktop users on your office pc rather than using GPO which could affect all computers the GPO is linked to.
Also, I was wondering are you only doing this via VPN, or have you opened ports straight to this computer on the firewall. I am just thinking of security is all.
Hope this helps and if you need any further information happy to help in any way I can.
01-30-2018 06:44 AM
Right now, it is just the one PC so I will probably just add it manually, locally to that PC; but I need to discuss with the other 2 admins whether we should not be "formalizing" this and doing it via a GPO for consistency. And yes, I access first via a VPN and then jump to the PC I need.