AWS managed AD - add user RDP permissions


Note: This post is Part 2 of a series.

Situation: You have an AWS Managed Microsoft AD, some domain-joined Windows servers, and some AD users. Now the users should be able to log in to those servers using RDP.

Problem: A newly created user is not a member of any group that grants Remote Desktop logon, so the connection is refused.

Solution: Follow the AWS documentation or watch the AWS YouTube video on the subject. What follows is essentially that procedure, with some screenshots and additional notes.

Hint: It’s easiest to perform these actions from a domain-joined management instance while logged in as the DOMAIN\Admin user (the directory’s delegated administrator), so you don’t have to enter that user’s password at every step.

  • if you are paranoid, check the local configuration on a target server: Remote Desktop is enabled and the server is domain-joined (it should already be correct, though)
  • open AD user / group management (Active Directory Users and Computers)
    • create a group
      • e.g. “AD Remote Desktop User” under the Users OU in your domain
      • AWS only lets you write to the OU named after your directory’s NetBIOS name, not the default Users container; so if your domain is “domain.aws” with NetBIOS name “domain”, create it under “domain.aws/domain/Users/HERE”
    • add the user to the newly created group
  • open the group policy editor (Group Policy Management)
    • create a new GPO and link it to the OU that contains the servers (e.g. “domain.aws/domain/Computers”)
    • create a new Local Group item under “computer configuration / preferences / control panel settings / local users and groups”
      • select “Remote Desktop Users (built-in)” FROM THE DROPDOWN rather than typing the name: the item then targets the well-known SID (S-1-5-32-555) instead of a locale-dependent group name
      • add the previously created AD group as a member (action “Add”); leave the “delete all member users/groups” options unchecked unless you intend to purge existing members
    • run gpupdate /force on a server (or wait for the refresh interval) and check that the group shows up in its local Remote Desktop Users group
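As an added example (not code from the original post or from AWS), the AD-side steps above scripted in PowerShell, followed by the verification a practitioner wants: does the AD group actually show up in the server’s local Remote Desktop Users group after the policy refresh. Assumed values: DNS name “domain.aws” with NetBIOS name “domain”, the group name “AD Remote Desktop User”, a user “alice”, a server “srv01” reachable over WinRM, and a management instance with the RSAT ActiveDirectory and GroupPolicy modules installed. The “Local Users and Groups” preference item has no cmdlet, so that one step stays in the GPMC GUI as described in the list.

```powershell
# Added example, not the original post's code. Run on a domain-joined management
# instance with RSAT (ActiveDirectory + GroupPolicy modules) as the directory Admin.
# Assumptions: DNS domain "domain.aws", NetBIOS "domain", group "AD Remote Desktop User",
# user "alice", target server "srv01" (WinRM reachable). Adjust to your environment.
Import-Module ActiveDirectory
Import-Module GroupPolicy

$domain     = Get-ADDomain
# AWS Managed Microsoft AD only lets you write below OU=<NetBIOS name>, e.g. OU=domain,DC=domain,DC=aws
$baseOu     = "OU=$($domain.NetBIOSName),$($domain.DistinguishedName)"
$groupName  = "AD Remote Desktop User"
$gpoName    = "RDP - Remote Desktop Users membership"
$usersToAdd = @("alice")
$server     = "srv01"

# 1. Create the AD group in the writable Users OU (not the default CN=Users container).
if (-not (Get-ADGroup -Filter "Name -eq '$groupName'" -SearchBase $baseOu)) {
    New-ADGroup -Name $groupName -GroupScope Global -GroupCategory Security `
        -Path "OU=Users,$baseOu" `
        -Description "Members are added to the local Remote Desktop Users group by GPO '$gpoName'"
}

# 2. Add the users that should be allowed to RDP.
Add-ADGroupMember -Identity $groupName -Members $usersToAdd

# 3. Create the GPO and link it to the OU that holds the servers.
#    The Local Users and Groups preference item has no cmdlet: open the GPO in GPMC
#    (Computer Configuration > Preferences > Control Panel Settings > Local Users and Groups),
#    add a Local Group item, pick "Remote Desktop Users (built-in)" from the dropdown and
#    add $groupName as a member with action "Add".
if (-not (Get-GPO -Name $gpoName -ErrorAction SilentlyContinue)) {
    New-GPO -Name $gpoName -Comment "Adds $groupName to the local Remote Desktop Users group" | Out-Null
}
# New-GPLink fails if the link already exists; that is harmless here.
New-GPLink -Name $gpoName -Target "OU=Computers,$baseOu" -LinkEnabled Yes -ErrorAction SilentlyContinue

# 4. Push the policy to the server instead of waiting for the background refresh.
Invoke-GPUpdate -Computer $server -Force -RandomDelayInMinutes 0

# 5. Verify on the server. Look the local group up by its well-known SID (S-1-5-32-555),
#    the same reason the GPP item should reference the built-in entry rather than a typed name.
$members = Invoke-Command -ComputerName $server -ScriptBlock {
    $rdpSid = [System.Security.Principal.SecurityIdentifier]'S-1-5-32-555'
    Get-LocalGroupMember -SID $rdpSid | Select-Object -ExpandProperty Name
}
$expected = "$($domain.NetBIOSName)\$groupName"
if ($members -contains $expected) {
    "OK: $expected is a member of Remote Desktop Users on $server"
} else {
    Write-Warning ("Not applied on $server yet. Current members: {0}. " -f ($members -join ', ') +
        "Check the GPO link on OU=Computers,$baseOu and run 'gpresult /r /scope computer' on the server.")
}
```

Because the preference item uses the “Add” member action with the “Update” group action, existing local members such as the server’s own administrators are left in place; only the delete/remove options on that item would purge them.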

image: create AD group

image: create GPO in AD

image: configure AD GPO

image: select appropriate group