• Server 2012 Enable Remote Desktop (RDP) through Group Policy (GPO)


    http://www.dannyeckes.com/server-2012-enable-remote-desktop-rdp-group-policy-gpo/

    Since my ESX lab is all virtual I don’t have any monitors connected to my servers. The best way to manage these servers is by connecting remotely. I want to be able to remote onto all my computers but limit which users can remote onto these machines. The best way to do this is through a group policy that sets this up on all machines.

    My GPO will need to do the following:

    • Enable Remote Desktop Service
    • Open the Firewall to allow Remote Desktop
    • Disallow local admins from making changes
    • Only allow certain users to logon remotely.

    CREATE A SECURITY GROUP

    I want only members of a specific security group to use remote desktop. I need to create a group for these users to be a member of.

    1. Open up Active Directory Users and Computers
    2. Create an Organizational Unit (OU) called “DOMAIN – Groups”
    3. Under your Groups OU create another OU called “Security”. This is where we will hold all of our security groups.
    4. Right click Security and select New > Group.
    5. Give the group a name. I used “SG – Remote Desktop Users”.

    Screen Shot 2013-10-05 at 12.26.22 PM

    CREATE THE GPO

    Now that we have a security group, we need to enable RDP and allow only members of this group to connect to our systems.

    1. Log into your Domain Controller.
    2. On the Start Screen type: gpmc.msc. This will pull up the Group Policy Management Console.
    3. Right click on your domain and select “Create a GPO in this domain, and Link it here…”. I am creating this GPO at the root of my domain to allow access to all servers and computers in my domain. This might not be exactly what you want to do, if your situation is different then select the OU you want this policy to apply to instead of your domain.
    4. Name the GPO. I used “Enable RDP” to keep it simple. This will create a blank GPO and a link to it.
    5. Right click the GPO or the Link and select “Edit…”
    6. This will pull up a the Group Policy Editor.
      Screen Shot 2013-10-05 at 12.32.38 PM
    7. We are only going to be modifying Computer Settings. We need to enable RDP, open the Firewall, and allow the security group members. Set the following:
      1. Computer ConfigurationPoliciesWindows SettingsSecurity SettingsLocal PoliciesUser Rights AssignmentAllow Log on through Remote Desktop Services.
        1. Add Users or Group…
        2. Browse and search for your Security Group. In my case it was SG – Remote Desktop users
      2. Computer ConfigurationPoliciesWindows SettingsSecurity SettingsRestricted Groups
        1. Right Click in the blank area and select Add Group…
        2. Browse and find “Remote Desktop Users”
        3. Select OK
        4. Double Click Remote Desktop Users
        5. Select Add for “Members of this Group”
        6. Browse and find your Security group.
      3. Computer ConfigurationAdministrative TemplatesNetworkNetwork ConnectionsWindows FirewallDomain ProfileWindows Firewall: Allow Inbound Remote Desktop exceptions: Enabled
      4. Computer ConfigurationAdministrative TemplatesWindows ComponentsRemote Desktop ServicesRemote Desktop Session HostConnectionsAllow user to connect remotely by using Remote Desktop Services: Enabled
      5. Computer ConfigurationAdministrative TemplatesWindows ComponentsRemote Desktop ServicesRemote Desktop Session HostSecurityDo not allow local administrators to customize permissions: Enabled
      6. Computer ConfigurationAdministrative TemplatesWindows ComponentsRemote Desktop ServicesRemote Desktop Session HostSecurityRequire user authentication for remote connections by using NLA: Disabled

    Screen Shot 2013-10-05 at 1.05.52 PM

    Screen Shot 2013-10-05 at 1.06.26 PM

    That should be it! Just wait for or force your computers to update Group Policy. Now any users that are a member of your security group can RDP to your computers.

    - See more at: http://www.dannyeckes.com/server-2012-enable-remote-desktop-rdp-group-policy-gpo/#sthash.atFJJmdH.dpuf

  • 相关阅读:
    创建和发送事件
    (实战)为系统类添加NameValueTable属性,并且添加到相关对话框
    使用GetUniqueIndentifier为某类对象连续编码
    中秋小感
    数据库中取随机数的方法讨论
    CVS添加用户的过程和命令列表
    Mysql中获取刚插入的自增长id的三种方法归纳
    关于Action重复执行两遍的原因
    td内容空的时候,如何显示边框线
    2003下 tomcat 连mysql问题的解决
  • 原文地址:https://www.cnblogs.com/gimmeangel/p/3894646.html
Copyright © 2020-2023  润新知