Privileges for the RDP-Listener can be granted using the Tsconfig.msc console snap-in but you can’t alter RDP-Listener permissions using the GOP.
Adding users to this group will give them the correct Logon Rights but not the privileges to connect to the RDP Listener.
Even if they are added to the “Allow Logon through Terminal Services” policy group, they won’t be able to connect to the RDP. One problem you may run into is trying to establish an RDP connection with a user who’s not part of either the Administrators or Remote Desktop Users groups. Adding Users to the “Remote Desktop Users” Group Users who are assigned to either the Administrators or Remote Desktop Users groups are automatically given these Remote Logon rights as well as the necessary privileges. This can be found under:Ĭomputer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment The Remote Logon is specifically governed by the “Allow Logon through Terminal Services” GPO. Both of these rights are necessary to establish an RDP connection to the server. The privileges give users access to the RDP-TCP Listener. The Logon Rights, or remote logon give users rights to the physical machine. There are two types of user rights in relation to remote desktop users: Logon Rights and Privileges. In this article, we’ll cover how this GPO plays a role in establishing RDP connections. System Administrators use this policy to grant users the rights necessary for RDP sessions.
The “Allow Logon through Terminal Services” policy is a Microsoft Group Policy Object (GPO) that defines how the Remote Desktop Protocol (RDP) behaves when connecting users remotely to a machine. The “Allow Logon Through Terminal Services” Policy Explained
0 kommentar(er)
