Using the Restricted Groups you can set different policies to the Groups of active directory computers. For example you can provide the admin rights to specific active directory’s security group or users on all the systems in your network using restricted groups from group policy object.
In this article I will show you how you can provide the remote login rights to specific non-administrator users using the restricted groups. For demonstration I am using my domain controller w7cloud.com and a client machine PC1.w7cloud.com.
Create a GPO and edit that GPO by opening the restricted groups from Computer ConfigurationPoliciesWindows SettingsRestricted Groups.
Right click on Restricted Groups and click on Add group.
Type the name of Group that you want to control using GPO, in our case since we want to provide the remote login right therefore I type “Remote Desktop Users” and click OK.
Then add the users for whom you want to provide the remote login rights. I have added my HR users you can add yours and click OK.
For test you can login with any using user that you have added in restricted remote Group on some domain PC, and there you will find these users in their Remote Desktop users Group.
Note: you can use the “gpupdate” command for quick enforcement of GPO.