Fly, Penguin!

I blog so I don't forget.

AWS managed AD - add user RDP permissions

Note: This post is part of a series (Part 2):

Situation: You have an AWS managed AD, some clients, and some AD users. Now the users should be able to log in to servers using RDP.

Problem: Just by creating a user it does not have the appropriate permissions.

Solution: Follow the AWS documentation or watch the AWS youtube video on the subject. This is basically it, with some screenshots and additional notes.

Hint: It’s easiest if you perform thost actions as the DOMAIN\Admin user, so you don’t have to enter that user’s password all the time.

  • if you are paranoid check some local server configurations (it should already be correct though)
  • open AD user / group management
    • create a group
      • e.g. “AD Remote Desktop User” under Users/ in your domain
      • so if your domain is “”, create it under “”
    • add the user to the newly created group
  • open group policy editor
    • create new group under “computer configuration / preferences / control panel settings / local users and groups”
      • select Remote Desktop Users (built-in) FROM DROPDOWN!!!
      • add the previously created AD group as members