Manually Grant RDP Access to an Active Directory User
To grant Remote Desktop Protocol (RDP) access to an Active Directory (AD) user on a domain-joined Windows server, follow these steps:
Step 1: Add the User to the Remote Desktop Users Group
- Open the Server: Log in to the Windows server where you want to grant RDP access.
- Open Computer Management:
  - Right-click on This PC or Computer on the desktop or in File Explorer.
  - Select Manage to open the Computer Management console.
- Navigate to Local Users and Groups:
  - Expand Local Users and Groups.
  - Click on Groups.
- Edit Remote Desktop Users Group:
  - Double-click on the Remote Desktop Users group.
  - Click Add to open the "Select Users" dialog.
- Add the AD User:
  - In the "Select Users" dialog, click on Locations and choose your domain to ensure you are searching in the right location.
  - Enter the AD username of the user you want to add.
  - Click Check Names to verify the user.
  - Click OK to add the user.
  - Click OK again to close the properties window.
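The same group change can be made from an elevated PowerShell session on the server. The script below is an added example, not part of the original article: it resolves the account against the domain first (the equivalent of Check Names), adds it to the local Remote Desktop Users group only if it is not already a member, and then lists the resulting membership so it can be reviewed. CONTOSO\jdoe is a placeholder account.

```powershell
# Added example (not from the original article). Run elevated on the target server.
# 'CONTOSO\jdoe' is a placeholder; replace it with the real DOMAIN\username.
$Account = 'CONTOSO\jdoe'
$Group   = 'Remote Desktop Users'

# Resolve the account to a SID first so a typo fails here, not silently at
# the user's next logon attempt (this is what "Check Names" does in the GUI).
$sid = (New-Object System.Security.Principal.NTAccount($Account)).Translate(
           [System.Security.Principal.SecurityIdentifier])

# Compare by SID string so renamed or differently-cased names still match.
$existing = Get-LocalGroupMember -Group $Group -ErrorAction Stop
if ($existing.SID.Value -contains $sid.Value) {
    Write-Output "$Account is already a member of '$Group'."
} else {
    Add-LocalGroupMember -Group $Group -Member $Account -ErrorAction Stop
    Write-Output "Added $Account to '$Group'."
}

# Show who can now log on over RDP; this list is worth reviewing regularly,
# since every member here is an interactive-logon path onto the server.
Get-LocalGroupMember -Group $Group | Select-Object Name, ObjectClass, PrincipalSource
```

Adding a domain group rather than individual users keeps this list manageable, but the membership review at the end is the same either way.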
Step 2: Configure RDP Settings in Group Policy (Optional)
If you need to configure RDP access for multiple users or servers, you can use Group Policy:
- Open Group Policy Management:
  - Open the Start menu, type gpmc.msc, and press Enter to open the Group Policy Management Console.
- Create or Edit a GPO:
  - Locate an existing GPO or create a new one by right-clicking on your domain or an organizational unit (OU) and selecting Create a GPO in this domain, and Link it here....
- Edit the GPO:
  - Right-click on the GPO and select Edit.
- Navigate to RDP Settings:
  - In the Group Policy Management Editor, go to Computer Configuration -> Policies -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Connections.
- Enable RDP and Specify Users:
  - Enable the policy Allow users to connect remotely using Remote Desktop Services.
  - In Remote Desktop Session Host -> Security, enable Require user authentication for remote connections by using Network Level Authentication.
  - In Remote Desktop Session Host -> Remote Session Environment, enable Allow users to connect remotely using Remote Desktop Services.
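The two policies above write to the Terminal Services policy key, so they can also be set from the GroupPolicy module (part of RSAT/GPMC) instead of clicking through the editor. This is an added example, not the article's own procedure; the GPO name "RDP Access Policy" and the OU distinguished name are placeholders.

```powershell
# Added example (not from the original article). Requires the GroupPolicy
# module (RSAT / GPMC) and rights to create and link GPOs in the target OU.
Import-Module GroupPolicy

$GpoName  = 'RDP Access Policy'                         # placeholder name
$TargetOU = 'OU=Member Servers,DC=contoso,DC=com'       # placeholder OU
# Policy-backed registry key behind the two Administrative Template settings.
$TsKey    = 'HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

# Reuse an existing GPO of that name, otherwise create and link it.
$gpo = Get-GPO -Name $GpoName -ErrorAction SilentlyContinue
if (-not $gpo) {
    $gpo = New-GPO -Name $GpoName
    New-GPLink -Name $GpoName -Target $TargetOU | Out-Null
}

# "Allow users to connect remotely using Remote Desktop Services" = Enabled
Set-GPRegistryValue -Name $GpoName -Key $TsKey -ValueName 'fDenyTSConnections' `
    -Type DWord -Value 0 | Out-Null

# "Require user authentication for remote connections by using Network Level
#  Authentication" = Enabled (keeps unauthenticated clients off the logon screen)
Set-GPRegistryValue -Name $GpoName -Key $TsKey -ValueName 'UserAuthentication' `
    -Type DWord -Value 1 | Out-Null

# Review exactly what the GPO will push before the next policy refresh.
Get-GPRegistryValue -Name $GpoName -Key $TsKey
```

Because these are computer policies, they take effect on the linked servers at the next Group Policy refresh (or after gpupdate /force on the server), not immediately.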
Step 3: Ensure Network Level Authentication (NLA) is Enabled
- Open System Properties:
  - Right-click on This PC or Computer and select Properties.
- Remote Settings:
  - Click on Remote settings on the left.
- Allow Remote Connections:
  - In the Remote Desktop section, ensure that Allow remote connections to this computer is selected.
  - Ensure that Allow connections only from computers running Remote Desktop with Network Level Authentication (recommended) is checked.
Step 4: Configure Firewall Settings
- Open Windows Defender Firewall:
  - Open the Control Panel and navigate to System and Security -> Windows Defender Firewall.
- Allow RDP Through Firewall:
  - Click on Allow an app or feature through Windows Defender Firewall.
  - Ensure Remote Desktop is checked for both Private and Public networks.
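The built-in Remote Desktop firewall rules can be enabled from PowerShell as well, and doing it this way makes it easy to limit the rules to specific profiles and source addresses rather than leaving the listener reachable from any network the server is ever attached to. This is an added example, not part of the original article; 10.0.10.0/24 is a placeholder management subnet.

```powershell
# Added example (not from the original article). Run elevated on the server.
# '10.0.10.0/24' is a placeholder for the subnet admins connect from.
$ManagementSubnet = '10.0.10.0/24'

# The built-in rule group covers TCP 3389, UDP 3389 and the shadow rule.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction Stop | Enable-NetFirewallRule

# Restrict the rules to the Domain and Private profiles and to the management
# subnet. A server connected to an interface classified as Public then does
# not expose RDP there, which is the usual reason an RDP listener ends up
# reachable from places it should not be.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
    Set-NetFirewallRule -Profile 'Domain, Private' -RemoteAddress $ManagementSubnet

# Verify the effective state; re-read the rules since the objects above are stale.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' | ForEach-Object {
    $addr = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
    [pscustomobject]@{
        Name          = $_.DisplayName
        Enabled       = $_.Enabled
        Profile       = $_.Profile
        RemoteAddress = ($addr -join ', ')
    }
}
```

If the server really must accept RDP on its Public profile, keep the RemoteAddress scope so that only the named subnet can reach the listener.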
Step 5: Verify Access
- Test RDP Access:
  - From a remote computer, open the Remote Desktop Connection client (mstsc).
  - Enter the server's hostname or IP address and click Connect.
  - Log in using the AD credentials of the user you added to the Remote Desktop Users group.
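Beyond the interactive test with mstsc, the checks from Step 3 and Step 5 can be scripted from an admin workstation: confirm the server's local RDP and NLA settings, confirm the listener is reachable, and then pull the successful RDP logons for the user from the Security log. This is an added example, not part of the original article, and it assumes WinRM is enabled for Invoke-Command; SRV01 and jdoe are placeholders.

```powershell
# Added example (not from the original article). Run from an admin workstation
# with rights on the server; assumes WinRM (Invoke-Command) is available.
$Server = 'SRV01'   # placeholder server name
$User   = 'jdoe'    # placeholder sAMAccountName of the user added in Step 1

# 1. Local settings the System Properties dialog in Step 3 toggles.
Invoke-Command -ComputerName $Server -ScriptBlock {
    $ts = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    [pscustomobject]@{
        RemoteConnectionsAllowed = (Get-ItemPropertyValue $ts -Name fDenyTSConnections) -eq 0
        NlaRequired              = (Get-ItemPropertyValue "$ts\WinStations\RDP-Tcp" -Name UserAuthentication) -eq 1
    }
}

# 2. Is the RDP listener reachable from here (firewall + service)?
$tnc = Test-NetConnection -ComputerName $Server -Port 3389
"TCP 3389 reachable from $env:COMPUTERNAME : $($tnc.TcpTestSucceeded)"

# 3. Successful RDP logons for the user in the last 24 h.
#    Event 4624 with LogonType 10 (RemoteInteractive) is an RDP logon; the
#    same filter, without the user restriction, is what to watch for RDP use
#    by accounts that should not have it.
Get-WinEvent -ComputerName $Server -FilterHashtable @{
    LogName = 'Security'; Id = 4624; StartTime = (Get-Date).AddDays(-1)
} -ErrorAction SilentlyContinue |
  Where-Object { $_.Properties[8].Value -eq 10 -and $_.Properties[5].Value -eq $User } |
  Select-Object TimeCreated,
      @{ n = 'User';     e = { "$($_.Properties[6].Value)\$($_.Properties[5].Value)" } },
      @{ n = 'SourceIP'; e = { $_.Properties[18].Value } }
```

The property indexes (5 = TargetUserName, 6 = TargetDomainName, 8 = LogonType, 18 = IpAddress) are the fixed positions in the 4624 event data, so the filter works without parsing the message text.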
By following these steps, you can grant RDP access to an AD user on a domain server.
