I can't grant terminal access to users in GPO
I am using 4 servers in OU "TermServ", and I would like to grant terminal access to these servers to some users by GPO. I am trying to create a new GPO "terminal_access" in OU "TermServ" and give a next access right. After that I execute gpupdate /force. But if I am trying to connect by RDS to one of these servers it give me an error that I must have Terminal Server User Access permissions. In gpresult -v on these servers I see that my GPO was applied successfully:
GPO: terminal_access
Policy: RemoteInteractiveLogonRight
Computer Setting: Administrators
Domain\Domain Admins
Domain\TestTermUser
But when I add user for Test locally to group Remote Desktop Users, its fine, but I want to add this user through GPO. So, can anyone tell me how to do that? Thanks.
Re: I can't grant terminal access to users in GPO
The user right RemoteInteractiveLogonRight is the only one part of being able to log into a TS server that has remote login enabled. The other part is the permissions in the TS config, which you can connect to in the properties of the RDP in the TS confid mmc. It was the later versions of the OS which is pre-populated with the group Remote Desktop Users, hence adding you domain user to that group allowed login. You can define a domain group to hold the domain accounts that should be allowed TS login and then add this domain group to the Remote Desktop Users by a restricted group definition in GPO.
Re: I can't grant terminal access to users in GPO
I dont know but it should have been working. Did you try to perform a gpresult or rsop.msc to examine how the GPOs applies to the system? Otherwise I would have recommend examine how the GPOs applies to the system? Otherwise I would recommend to use Restricted Groups within a Group Policy to add another Group within AD to the local Remote Users group, have you though about that option?