After we have deployed and configured our Remote Desktop Session Host, we must configure user security and access settings for Remote Desktop Session services. We will define these settings as a Group Policy Object.

1. First we will create an Organizational Unit (OU) for our RDS Hosts. Log on as the Administrator to your Active Directory Domain Controller. Launch Active Directory Users and Computers and highlight the domain.

2. Right click on target domain and go to New -> Organizational Unit

3. Fill in a name for your Organizational Unit and click OK.

4. Under your domain, you will see that the OU Group was created. Click on the Computers folder for your domain, highlight the Computer Names for your RDS Host(s), and drag and drop them to your new OU Group. A warning message will appear. Click Yes.

5. Click on the Organizational Unit (OU) Group that you created to verify that all your Remote Desktop Session Hosts are now part of the OU Group.

6. Launch the Group Policy Management utility. Expand the tree hierarchy for your domain and highlight the RDS Host Organizational Unit (OU) Group that you created in the previous steps.

7. Right click on the OU Group and select Create a GPO in this domain, and Link it here…

8. Enter a name for the new GPO and click OK.

9. A Group Policy Management Console warning will appear about GPO links. Click OK.

10. Right click on your Group Policy Object, and click Edit…

11. You will now be in the Group Policy Management Editor for your Remote Desktop Session Host policy. Navigate to Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Local Policies -> User Rights Assignment. Click on Allow log on locally.

12. The Allow log on locally Properties menu will appear. Ensure the checkbox for Define these policy settings is checked and click on Add User or Group…

13. Now you will define which users and/or groups you will give access to allow local log on. Click Browse.

14. Enter the names of the user or groups that you will allow access in the Enter the object names to select box and click OK.

15. Verify that you are adding the correct users and/or groups then click OK.

16. Verify that you have added all the users and/or groups you wish to authorize and click OK. If you need to add additional users and/or groups click on Add User or Group… to go through the previous menus and make the necessary changes.

17. You will return to the Group Policy Management Editor. Click on the policy Allow log on through Remote Desktop Services.

18. The Allow log on locally Properties menu will appear. Ensure the checkbox for Define these policy settings is checked and click on Add User or Group…

19. Now we will define which users and/or groups we will allow for this policy. Click on Browse.

20. Enter the names of the user or groups that you will allow access in the Enter the object names to select box and click OK.

21. Verify that you are adding the correct users and/or groups then click OK.

22. Verify that you have added all the users and/or groups you wish to authorize and click OK. If you need to add additional users and/or groups click on Add User or Group… to go through the previous menus and make the necessary changes.

23. You will return to the Group Policy Management Editor. Navigate to Computer Configuration -> Policies -> Administrative Templates: Policy definitions (ADMX files) retrieved from the local machine. -> System -> Group Policy. Click on the policy Configure user Group Policy loopback processing mode.

24. Click Enabled to enable this policy. Click OK.

25. You will return to the Group Policy Management Editor. Verify that your policy is enabled by ensuring the that value for state for the policy has changed to Enabled.

26. Now you may close the window for the Group Policy Management Editor. You will return to the Group Policy Management window.

Now you have successfully configured the Group Policy Settings for user access to Remote Desktop Session services.