Allow remote desktop connection on a cluster of machines within a domain
Hi - I'm trying to find a simple way to allow remote desktop connections for non-Administrator users on a whole cluster of servers. I have created an Active Directory Domain, and my users belong to it and all are members of the Remote Desktop Services group .... but this is not enough.
I'd rather not go to each server and manually set up the Remote Settings under Computer Management for each user...there must be a smarter way to do this once from the Active Directory Domain Controller server ?
Thanks so much.
Re: Allow remote desktop connection on a cluster of machines within a domain
You just need to click Start > Right-click Computer > Properties on the PC that you want to connect. After that click Advanced System Settings and then click the Remote tab. Under Remote Desktop click 'Allow connections from computers using any version of Remote Desktop' and then click Select Users. Click Add and add the username of the PC that wants to connect to that machine. Alternatively you can also use a software such like the CrossLoop.
Re: Allow remote desktop connection on a cluster of machines within a domain
Thank you. But I have 20+ servers and would like to avoid applying this setup to every one of them ... isn't there something to be done at the Domain Security level itself that would save me the time and burden of repeating this on all the servers ?
Re: Allow remote desktop connection on a cluster of machines within a domain
You can try to enable them with a simple registry edit.
The XML for WPKG will look like this:
Code:
<package
id="remotedesktop"
name="Remote Desktop"
revision="1"
reboot="false"
priority="0">
<check type="registry" condition="equals" path="HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\fDenyTSConnections" value="0" />
<install cmd='reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f"' />
<upgrade cmd='reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f"' />
<remove cmd='reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 1 /f"' />
</package>
This will allow you to log on as Administrator (either domain or local) using Terminal Sessions. If you want to enable Terminal Sessions for other, non-Administrator users, then this cannot be done in the registry, but with the command net group "Remote Desktop Users" /add usernamehere.