To accomplish your requirements using Group Policy on a Windows Server 2016 domain, you'll need to configure two separate Group Policy settings:
- Enable Remote Desktop Access:
  - This setting will enable Remote Desktop on the computers within the specified Organizational Unit (OU).
- Allow Remote Desktop Access for a Select Security Group:
  - This setting will allow members of the specified security group to connect via Remote Desktop to the computers within the OU.
Here's how to configure these settings:
- Enable Remote Desktop Access:
  - Open Group Policy Management Console (GPMC) on your domain controller.
  - Create a new Group Policy Object (GPO) or edit an existing one linked to the OU containing the computers where you want to enable Remote Desktop.
  - Navigate to:
    Computer Configuration -> Policies -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Connections
  - Double-click on the "Allow users to connect remotely using Remote Desktop Services" policy.
  - Select the "Enabled" option, and then click "OK" to save the changes.
  - Close the Group Policy Management Editor.
- Allow Remote Desktop Access for a Select Security Group:
  - Still within the same Group Policy Object (GPO) as above, navigate to:
    Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Restricted Groups
  - Right-click on "Restricted Groups" and choose "Add Group."
  - In the "Group" field, type the name of the security group you want to grant Remote Desktop access to, and then click "OK."
  - In the "This group is a member of" section, click "Add" and specify the group "Remote Desktop Users." This is the built-in group that grants Remote Desktop access.
  - Click "OK" to close the dialog.
  - Close the Group Policy Management Editor.
- Apply the Group Policy:
  - Link the Group Policy Object (GPO) you configured to the Organizational Unit (OU) containing the target computers.
  - Optionally, force a Group Policy update on the target computers using the
    gpupdate /force
    command or wait for the next refresh interval.
If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.
hth
Marcin
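
A verification check for the two settings described in the answer above, added here as an example and not part of the original post. It assumes Windows PowerShell 5.1 on the targets and WinRM for remote computers; the function name `Test-RdpGpoResult` and the group `CONTOSO\RDP-Allowed` are hypothetical placeholders.

```powershell
# Added example: confirm on each target that the GPO produced the intended state.
function Test-RdpGpoResult {
    param(
        [string[]]$ComputerName = $env:COMPUTERNAME,
        [string]$ExpectedGroup = 'CONTOSO\RDP-Allowed'   # hypothetical group name
    )

    $check = {
        param($ExpectedGroup)

        # Policy-backed value written by "Allow users to connect remotely using
        # Remote Desktop Services": 0 means connections are allowed by policy.
        $key  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
        $deny = (Get-ItemProperty -Path $key -Name fDenyTSConnections `
                    -ErrorAction SilentlyContinue).fDenyTSConnections

        # S-1-5-32-555 is the well-known SID of the built-in Remote Desktop Users
        # group; using the SID avoids problems with localized group names.
        $members = @(Get-LocalGroupMember -SID 'S-1-5-32-555' -ErrorAction SilentlyContinue |
                     Select-Object -ExpandProperty Name)

        [pscustomobject]@{
            Computer             = $env:COMPUTERNAME
            RdpEnabledByPolicy   = ($deny -eq 0)          # $false if the value is absent
            ExpectedGroupPresent = ($members -contains $ExpectedGroup)
            # Anything listed here can also log on over RDP and should be reviewed.
            OtherMembers         = @($members | Where-Object { $_ -ne $ExpectedGroup }) -join ', '
        }
    }

    foreach ($c in $ComputerName) {
        if ($c -eq $env:COMPUTERNAME) {
            & $check $ExpectedGroup
        } else {
            # Assumption: PowerShell remoting (WinRM) is enabled on the target.
            Invoke-Command -ComputerName $c -ScriptBlock $check -ArgumentList $ExpectedGroup
        }
    }
}

# Run locally after gpupdate /force, or pass -ComputerName for remote targets.
Test-RdpGpoResult | Format-List
```

The "This group is a member of" setting only adds the group to Remote Desktop Users and leaves existing members in place, so `OtherMembers` shows any accounts that had RDP access before the policy applied.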