GPO Editor
Atributos alterados:
Nó Computer Configuration:
+ Windows Settings
+ Security Settings
+ Local Policies
+ User Rights Assigment
- Allow log on through Terminal Services
|X| Define these policy settings:
* Adicionar o grupo que deve ter acesso remoto ao computador
- Administrative Templates
+ Network
+ Network Connections
+ Windows Firewall
+ Domain Profile
- Windows Firewall: Allow inbound Remote Desktop exceptions = ENABLED
+ Windows Components
+ Terminal Services
+ Terminal Server
+ Connections
- Allow user to connect remotely using Terminal Services = ENABLED
e agora o segredinho:
wmic RDPermissions Where "TerminalName='RDP-Tcp'" Call AddAccount "dominio\grupo",2
* Faça um script .BAT e chame pela mesma GPO no startup da maquina.
depois de feito tudo isso:
gpupdate /target:computer /force
Testei esta GPO com XP, Windows 7.
Bibliografia:
Microsoft´s Remote Desktop Services (RDS) Team Blog
Microsoft´s Windows Management Instrumentation (WMI) Start Page
Microsoft´s WMI Code Creator
The Daily Reviewer | non-admin users connect to remote desktop