AWS managed AD - add user RDP permissions
Note: This post is part of a series (Part 2):
- Part 1: AWS managed AD - first steps after creation
- Part 3: Standard AD - auto-map a network drive
- Part 4: (AWS managed) AD - give local admin rights to domain users
Situation: You have an AWS managed AD, some clients, and some AD users. Now the users should be able to log in to servers using RDP.
Problem: A newly created user does not automatically have the permissions needed to log in via RDP.
Solution: Follow the AWS documentation or watch the AWS YouTube video on the subject. This post is basically that, with some screenshots and additional notes.
Hint: It’s easiest if you perform those actions as the DOMAIN\Admin user, so you don’t have to enter that user’s password all the time.
- if you are paranoid, check some local server configurations (they should already be correct, though)
- open AD user / group management
- create a group
  - e.g. “AD Remote Desktop User” under Users/ in your domain
  - so if your domain is “domain.aws”, create it under “domain.aws/domain/Users/HERE”
- add the user to the newly created group
- open group policy editor
- create a new group under “computer configuration / preferences / control panel settings / local users and groups”
  - select “Remote Desktop Users (built-in)” FROM THE DROPDOWN!!!
  - add the previously created AD group as a member
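The AD-side steps above (create the group in the AWS delegated OU, add the user) plus a check that the group policy actually landed on a server, as an added PowerShell example that is not part of the original post. It assumes the RSAT ActiveDirectory module, a domain called domain.aws as in the post, and a constructed example user jdoe; the group-policy preference itself is still created in the GPO editor as described above.

```powershell
# Added example (not from the original post). Run as DOMAIN\Admin on a
# domain-joined machine with the RSAT ActiveDirectory module installed.
Import-Module ActiveDirectory

$domainDn  = 'DC=domain,DC=aws'                  # domain.aws from the post
# In AWS Managed AD the delegated Admin can only write below the OU named
# after the domain, i.e. domain.aws/domain/Users as shown above.
$groupPath = "OU=Users,OU=domain,$domainDn"
$groupName = 'AD Remote Desktop User'            # group name from the post
$userName  = 'jdoe'                              # constructed example user

# 1) Create the AD group in the delegated OU (skip if it already exists).
if (-not (Get-ADGroup -Filter "Name -eq '$groupName'" -SearchBase $groupPath)) {
    New-ADGroup -Name $groupName -Path $groupPath `
                -GroupScope Global -GroupCategory Security
}

# 2) Add the user to the newly created group.
Add-ADGroupMember -Identity $groupName -Members $userName

# 3) Verify the AD membership.
Get-ADGroupMember -Identity $groupName | Select-Object SamAccountName, objectClass

# 4) On a target server, after the GPO is linked: refresh policy and confirm
#    that the AD group really ended up in the BUILT-IN Remote Desktop Users
#    group. If you typed the group name instead of picking it from the
#    dropdown, a new local group gets created and this check stays empty.
gpupdate /force | Out-Null
$rdpMembers = Get-LocalGroupMember -Group 'Remote Desktop Users' |
              Select-Object -ExpandProperty Name
if ($rdpMembers -contains "domain\$groupName") {
    Write-Output "OK: $groupName is a member of Remote Desktop Users"
} else {
    Write-Output "MISSING: $groupName not in Remote Desktop Users (check the GPP item / gpresult /r)"
}
```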