Menu
Allow non-administrators RDP Access to Domain Controller. As you can see, there are no local groups on the domain controller. Instead of the local group Remote Desktop Users, DC uses the built-in domain group Remote Desktop Users (located in the Builtin container). You can manage this group from the ADUC console or from the command prompt on the DC. In the Computer Management window click on Local Users and Groups and right click the Users folder. Select New User. Once you create the user, you can then go to the left pane in the window and expand Local Users and Groups, then, click the Groups folder and double click Remote Desktop Users Group.
How to Disable Remote Desktop via Group Policy Windows Server 2012 R2 for Some Users ( i don't what to all the users to open the Remote Desktop Connection Service Tool in his laptop or desktop).I tried the below ways in GPO:
We can use Group Policy Preferences to (enable or disable) Remote Desktop
Click Start – All programs – Administrative Tools – Group Policy Management.
Create or Edit Group Policy Objects
Expand Computer Configuration – Preferences – Windows Settings.
Right click Registry – New – Registry Item.
General Tab.
Action :Update
Hive :HKEY_LOCAL_MACHINE
Key path : SYSTEMCurrentControlSetControlTerminal Server
Value name : fDenyTSConnections
Value type : REG_DWORD
Value date : 00000000 enable OR 00000001 disable
We can use Group Policy setting to (enable or disable) Remote Desktop
Click Start – All programs – Administrative Tools – Group Policy Management.
Create or Edit Group Policy Objects.
Expand Computer Configuration – Administrative Templates – Windows Components – Remote Desktop Services – Connections.
Allow users to connect remotely using Remote Desktop Services (enable or disable)
To deny a user or a group logon via RDP, explicitly set the 'Deny logon through Remote Desktop Services' privilege.
To do this access a group policy editor (either local to the server or from a OU) and set this privilege:
Start | Run | Gpedit.msc if editing the local policy or chose the appropriate policy and edit it.
Computer Configuration | Windows Settings | Security Settings | Local Policies | User Rights Assignment.
Find and double click 'Deny logon through Remote Desktop Services'
Add the user and / or the group that you would like to dny access.
Click Ok.
Either run gpupdate /force /target:computer or wait for the next policy refresh for this setting to take effect.
But nothing is working. please help me to solve this issue.
Thanks
Kumar