Enable Remote Login for AD Users/Groups Using a Restricted Groups GPO

Using Restricted Groups, you can control the membership of groups on Active Directory computers through Group Policy. For example, you can give admin rights to a specific Active Directory security group or set of users on all the systems in your network using Restricted Groups in a Group Policy Object.

In this article I will show you how to give remote login rights to specific non-administrator users using Restricted Groups. For the demonstration I am using my domain controller w7cloud.com and a client machine, PC1.w7cloud.com.

Create a GPO and edit it, then open Restricted Groups under Computer Configuration\Policies\Windows Settings\Restricted Groups.

Right-click Restricted Groups and click Add Group.

Type the name of the group that you want to control using the GPO. In our case we want to give the remote login right, so I type “Remote Desktop Users” and click OK.

Then add the users to whom you want to give remote login rights. I have added my HR users; add yours and click OK.

To test, log in on a domain PC with any user that you added to the restricted Remote Desktop Users group; on that PC you will find these users in the local Remote Desktop Users group.

Note: You can use the “gpupdate” command to apply the GPO quickly instead of waiting for the next policy refresh.
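
The test step above can be scripted on the client. The following PowerShell is an added example, not part of the original article; the account names in `$Expected` are constructed placeholders for whatever you added in the GPO. The member list set in Restricted Groups is authoritative, so accounts added to the local group by hand are removed at the next policy refresh, and the check therefore reports unexpected members as well as missing ones.

```powershell
# Added example: run on a domain client such as PC1 after linking the GPO.
# Constructed placeholder accounts; replace with the members configured in the GPO.
$Expected = @('W7CLOUD\hr.user1', 'W7CLOUD\hr.user2')

# Compare the list configured in the GPO with what is actually in the local group.
# -notin is case-insensitive, which matches how Windows treats account names.
function Compare-GroupMembership {
    param([string[]]$Expected, [string[]]$Actual)
    $missing    = @($Expected | Where-Object { $_ -notin $Actual })
    $unexpected = @($Actual   | Where-Object { $_ -notin $Expected })
    [pscustomobject]@{
        Missing    = $missing
        Unexpected = $unexpected
        InSync     = ($missing.Count -eq 0 -and $unexpected.Count -eq 0)
    }
}

# Restricted Groups is a computer setting, so only the computer policy is refreshed.
gpupdate /target:computer /force | Out-Null

# S-1-5-32-555 is the well-known SID of BUILTIN\Remote Desktop Users;
# using the SID keeps the check working on non-English Windows installs.
$actual = @(Get-LocalGroupMember -SID 'S-1-5-32-555' -ErrorAction Stop |
            Select-Object -ExpandProperty Name)

$result = Compare-GroupMembership -Expected $Expected -Actual $actual
$result | Format-List

if (-not $result.InSync) {
    Write-Warning 'Local group does not match the GPO list. Check "gpresult /r /scope computer".'
}
```

If you added a security group rather than individual users in the GPO, list the group name in `$Expected`, because the local group shows the group itself and not its nested members.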