Manually Grant RDP Access to an Active Directory User
To grant Remote Desktop Protocol (RDP) access to an Active Directory (AD) user on a domain server for Windows servers, follow these steps:
Step 1: Add the User to the Remote Desktop Users Group
- Open the Server: Log in to the Windows server where you want to grant RDP access.
- Open Computer Management:
- Right-click on
This PC
orComputer
on the desktop or in File Explorer. - Select
Manage
to open the Computer Management console.
- Right-click on
- Navigate to Local Users and Groups:
- Expand
Local Users and Groups
. - Click on
Groups
.
- Expand
- Edit Remote Desktop Users Group:
- Double-click on the
Remote Desktop Users
group. - Click
Add
to open the "Select Users" dialog.
- Double-click on the
- Add the AD User:
- In the "Select Users" dialog, click on
Locations
and choose your domain to ensure you are searching in the right location. - Enter the AD username of the user you want to add.
- Click
Check Names
to verify the user. - Click
OK
to add the user. - Click
OK
again to close the properties window.
- In the "Select Users" dialog, click on
Step 2: Configure RDP Settings in Group Policy (Optional)
If you need to configure RDP access for multiple users or servers, you can use Group Policy:
- Open Group Policy Management:
- Open the
Start
menu, typegpmc.msc
, and pressEnter
to open the Group Policy Management Console.
- Open the
- Create or Edit a GPO:
- Locate an existing GPO or create a new one by right-clicking on your domain or an organizational unit (OU) and selecting
Create a GPO in this domain, and Link it here...
.
- Locate an existing GPO or create a new one by right-clicking on your domain or an organizational unit (OU) and selecting
- Edit the GPO:
- Right-click on the GPO and select
Edit
.
- Right-click on the GPO and select
- Navigate to RDP Settings:
- In the Group Policy Management Editor, go to
Computer Configuration
->Policies
->Administrative Templates
->Windows Components
->Remote Desktop Services
->Remote Desktop Session Host
->Connections
.
- In the Group Policy Management Editor, go to
- Enable RDP and Specify Users:
- Enable the policy
Allow users to connect remotely using Remote Desktop Services
. - In
Remote Desktop Session Host
->Security
, enableRequire user authentication for remote connections by using Network Level Authentication
. - In
Remote Desktop Session Host
->Remote Session Environment
, enableAllow users to connect remotely using Remote Desktop Services
.
- Enable the policy
Step 3: Ensure Network Level Authentication (NLA) is Enabled
- Open System Properties:
- Right-click on
This PC
orComputer
and selectProperties
.
- Right-click on
- Remote Settings:
- Click on
Remote settings
on the left.
- Click on
- Allow Remote Connections:
- In the
Remote Desktop
section, ensure thatAllow remote connections to this computer
is selected. - Ensure that
Allow connections only from computers running Remote Desktop with Network Level Authentication (recommended)
is checked.
- In the
Step 4: Configure Firewall Settings
- Open Windows Defender Firewall:
- Open the
Control Panel
and navigate toSystem and Security
->Windows Defender Firewall
.
- Open the
- Allow RDP Through Firewall:
- Click on
Allow an app or feature through Windows Defender Firewall
. - Ensure
Remote Desktop
is checked for bothPrivate
andPublic
networks.
- Click on
Step 5: Verify Access
- Test RDP Access:
- From a remote computer, open the Remote Desktop Connection client (
mstsc
). - Enter the server's hostname or IP address and click
Connect
. - Log in using the AD credentials of the user you added to the
Remote Desktop Users
group.
- From a remote computer, open the Remote Desktop Connection client (
By following these steps, you can grant RDP access to an AD user on a domain server.
Updated 5 months ago