[Samba] Is there have simplest way to make domain users which in remote desktop group can remote/local logon the workstation ?

Tim rintimtim at gmx.net
Sun Dec 21 04:42:29 MST 2014

What do you want: User should logon remote to windows workstations or do you want a remote login to your server?

For remote logon on windows workstations you need a group policy linked to the ou of your workstations. As far as I remember - I don't have a AD at home - you will have to create a new group e.g. GGX-Remotedesktop (abbreviation for Group Global Execute).
This group will become member of the local Remotedesktop Group by a setting in the restricted group of a GPO. Your created GGX group must also get the rights to logon to terminalserver sessions.
Unfortunately I don't know the term/setting in English. My GPOs are in german. But you will find it in the user rights assignments of a GPO.

If you want a remote logon to your server it's necessary to know why users should logon to the server. Then we could possibly help.

Am 21. Dezember 2014 04:14:37 MEZ, schrieb Dongsheng Song <dongsheng.song at gmail.com>:
>On Sat, Dec 20, 2014 at 4:15 PM, Tim <rintimtim at gmx.net> wrote:
>> Then I would do it with a group policy. Have a look right here:
>> http://technet.microsoft.com/en-us/library/ee791928(v=WS.10).aspx
>> Remind that you leave the default policies untouched. Create a new
>GPo and
>> link it to your desired OU.
>After put domain users in the remote destop group in the DC, these
>users still can't logon workstation via remote desktop, it's a very
>strange design. Maybe we can make samba-tool fix it by certain
>parameter ?
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list