0

I have a Windows Server 2008 and I want to allow a user group in AD to be able to remotely access a certain computer inside the network (not the server). Is that even possible? Or can I only specify who can access the server itself? I've been searching for hours and every article is about how to access the server.

For example, I have two groups: salesman and clerk, and I have two computers: pc1 and pc2. Both groups use both computers. What I want to do is give "salesman" the right to remote desktop from pc1 to pc2.

  • Update - I'm not trying to remotely access my computer through the internet, only from inside my local network.
5
  • "Is that even possible?" - Yes, it is possible.
    – Ramhound
    Commented Nov 16, 2016 at 18:35
  • And can you tell me how?
    – roberto
    Commented Nov 16, 2016 at 18:39
  • I know nothing about your Windows Server 2008 configuration. You would have to assign each computer its own public IP address, or connect to each computer on a different port, and forward all traffic on that port to that computer. Might be easier to use third-party software designed to make this easy. I have no recommendations for those services, but they are well documented; I suggest one of those instead.
    – Ramhound
    Commented Nov 16, 2016 at 18:48
  • The first question to address is, how is AD going to know which computer belongs to the user? It won't, unless you have some sort of custom field in the user or computer account. Usually this is a manual process of adding users to the Remote Desktop Users local group on the computer in question. Commented Nov 16, 2016 at 19:56
  • Sorry for not being clear! I edited my question.
    – roberto
    Commented Nov 16, 2016 at 20:11

3 Answers

0

This article explains how to do that with Remote Desktop by using your server as the Remote Desktop Gateway.

Building a Remote Desktop Gateway (RDG) / RD Gateway Server - Ray Heffer https://www.rayheffer.com/building-a-remote-desktop-gateway-rdg-rd-gateway-server/

If that does not work out well, consider purchasing a solution like TeamViewer.

*Keep in mind that this article does not cover how to port forward TCP port 443 to your server, but it is required for this solution to work.

1
  • Welcome to Super User! Please quote the essential parts of the answer from the reference link(s), as the answer can become invalid if the linked page(s) change.
    – DavidPostill
    Commented Nov 17, 2016 at 11:53
0

For 1 PC on your internal network, you might go with a manual setup.

For Windows 7, go into Computer - Properties - Remote settings - Remote. If you can modify the RDP entries on this page, select enable and then select users to specify which group can use RDP. Depending on firewall and security rules, you might be done.

If it is set to "Don't allow connections" and you cannot change it, then that means AD is stopping you. You may need to move the workstation into a different OU, make a modification to the GPO or something else at the AD level to get it to work.
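
The manual setup described in the answer above, scripted for pc2, as an added example that is not part of the original answer. It assumes an elevated PowerShell prompt on pc2, and `CONTOSO` is a placeholder for your own domain name.

```powershell
# Run in an elevated PowerShell prompt on pc2 (the computer being connected to).
# CONTOSO is a placeholder domain; "salesman" is the AD group from the question.
$Group     = 'CONTOSO\salesman'
$TsKey     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

# If Group Policy sets fDenyTSConnections, the local setting is overridden
# (the greyed-out "Don't allow connections" case) and the fix belongs in the GPO.
$policy = Get-ItemProperty -Path $PolicyKey -Name fDenyTSConnections -ErrorAction SilentlyContinue

if ($policy -and $policy.fDenyTSConnections -eq 1) {
    Write-Warning 'Remote Desktop is disabled by Group Policy; change the GPO or move pc2 to another OU.'
}
else {
    # Allow Remote Desktop connections locally (0 = allow, 1 = deny).
    Set-ItemProperty -Path $TsKey -Name fDenyTSConnections -Value 0

    # Grant Remote Desktop logon to the one group only; "clerk" is not added.
    net localgroup "Remote Desktop Users" $Group /add

    # Enable the built-in Windows Firewall rules for Remote Desktop.
    netsh advfirewall firewall set rule group="remote desktop" new enable=Yes
}

# Review who can connect. Members of the local Administrators group can
# always connect as well, so check that group too.
net localgroup "Remote Desktop Users"
net localgroup "Administrators"
```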

0

This article will guide you on how to grant access to a group / user to connect remotely to another computer through GPO: Enable Remote Desktop through GPO
