To centrally enable Remote Desktop using Group Policy
1. To open Group Policy Management Console (GPMC), click Start, click Run, and then type GPMC.msc.
2. Create and link a GPO to the terminal server OU.
3. Right-click the GPO linked to the terminal server OU, and then click Edit.
4. In Computer Configuration\Administrative Templates\Windows Components\ Terminal Services, double-click the Allow users to connect remotely using Terminal Services policy setting.
5. Click Enabled.
6. Click OK.
When you enable Remote Desktop on a computer, you enable the capability for other users and groups to log on remotely to the computer. However, you must also decide which users and groups should be able to log on remotely, and then manually add them to the Remote Desktop Users group. Domain administrators automatically have the ability to log on remotely to the terminal server. Do not add domain administrators to the Remote Desktop Users group.
To add a domain group to the Remote Desktop Users group via Group Policy
1. To open Group Policy Management Console, click Start, click Run, and then type GPMC.msc.
2. Create and link a GPO named Restricted Groups to the Domain Controller OU.
3. Right-click the Restricted Groups GPO linked to the Domain Controller OU, and then click Edit.
4. Select Computer Configuration\Windows Settings\Security Settings\Restricted Groups\
5. Right-click Restricted Groups and then click Add Group.
6. Click Browse, type Remote Desktop Users in the Enter the object names to select text box and then click Check Names.
8. Click the Remote Desktop Users group and then click OK.
9. Click OK in the Add Groups dialog box to close it. The Remote Desktop Users Properties dialog box is then displayed.
10. Click Add in the Members of this group section of the dialog box.
11. Click Browse.
12. Type the name of the domain group in the Select Users or Groups dialog box. Click Check Names, and then click OK to close this dialog box.
13. Click OK to close this dialog box to finish adding the domain group to the Remote Desktop Users group.