Granting Active Directory users permission to remote into domain-joined client machines
Step 1: Define the Group
Create a group named IT_Admins
Log onto a Domain Controller
Right click Users, New->Group->Security. Call it IT_Admins.
Add the proper members. I will add myself, Optimus, and Zelda.
Step 2: Create the Group Policy.
Next you need to create a group policy or use the default Domain Policy (not recommended). For this example I am creating a separate policy called Local Administrators.
Open Group Policy Management Console
Right click your domain or OU.
Click Create a GPO in this domain, and link it here.
Call it Local Administrators
You should see the policy in the tree now.
Step 3: Edit the policy for the IT_Admins group
Right click Local Administrators Policy.
Expand Computer configuration\Policies\Windows Settings\Security Settings\Restricted Groups
In the Right pane of Restricted Groups, Right click and hit Add Group...
Type IT_Admins and hit 'OK'
Click Add under This group is a member of:
Add the Administrators Group.
Add Remote Desktop Users and hit OK
*NOTE: When adding groups, you can add whatever you want; the GPO will match the group on the PC. If you type Princess, it will match a local group called princess if it exists and put IT_Admins in that group.
**NOTE: If you change "Members of this group:", it will overwrite the accounts you set up in step 1.
Step 4: Test RDP
To get RDP access to the client right away, open CMD with administrator privileges on the client machine
#open cmd
gpupdate /force
Or wait 15 minutes for the configuration from AD to be applied to the client
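A way to confirm on a client that the policy from Steps 2 and 3 actually landed, and to see who else holds the same rights. This is an added example, not part of the original guide. It assumes Windows PowerShell 5.1 or later in an elevated session, English local group names, and that $env:USERDOMAIN is the NetBIOS name of the AD domain (true when logged on with a domain account).

```powershell
# Added example: audit the result of the Restricted Groups policy on one client.
# Assumption: run elevated, logged on with a domain account.
$Domain      = $env:USERDOMAIN                       # assumed NetBIOS domain name
$DomainGroup = "$Domain\IT_Admins"                   # group created in Step 1
$LocalGroups = 'Administrators', 'Remote Desktop Users'   # groups added in Step 3
$GpoName     = 'Local Administrators'                # GPO created in Step 2

function Test-RestrictedGroupMembership {
    param([string]$LocalGroup, [string]$Expected)
    try {
        $members = Get-LocalGroupMember -Group $LocalGroup -ErrorAction Stop
    } catch {
        # The cmdlet can fail (missing group, orphaned SIDs); report, do not guess.
        return [pscustomobject]@{
            LocalGroup   = $LocalGroup
            Expected     = $Expected
            Present      = $null
            OtherMembers = "lookup failed: $($_.Exception.Message)"
        }
    }
    $names = @($members | ForEach-Object { $_.Name })
    [pscustomobject]@{
        LocalGroup   = $LocalGroup
        Expected     = $Expected
        Present      = $names -contains $Expected    # case-insensitive match
        # "This group is a member of" only adds IT_Admins; existing members
        # stay in place, so list them for review.
        OtherMembers = ($names | Where-Object { $_ -ne $Expected }) -join '; '
    }
}

# 1. Is the GPO mentioned in the computer-scope result set?
#    A match can also come from the "filtered out" list, so read the lines shown.
$gpoLines = gpresult /r /scope computer | Select-String -SimpleMatch $GpoName
if ($gpoLines) { $gpoLines | ForEach-Object { "gpresult: $($_.Line.Trim())" } }
else           { "gpresult: '$GpoName' not listed; run gpupdate /force or check the GPO link" }

# 2. Is IT_Admins in both local groups, and who else is?
$report = foreach ($g in $LocalGroups) {
    Test-RestrictedGroupMembership -LocalGroup $g -Expected $DomainGroup
}
$report | Format-Table -AutoSize -Wrap

# 3. Exit code for use in a scheduled check: 0 only if both memberships exist.
if (@($report | Where-Object { $_.Present -ne $true }).Count -eq 0) { exit 0 } else { exit 1 }
```

Every account in IT_Admins becomes a local administrator on each computer the GPO applies to, so the OtherMembers column and the membership of IT_Admins itself are both worth reviewing periodically.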
Reference:
https://community.spiceworks.com/how_to/907-gpo-to-push-out-local-administrators-across-a-domain




