On ubuntu I can set up a server to only allow a group of users to log in and allow that group to su
and control e.g. a webserver user. Is there a way for me to replicate that flow with Windows, LDAP and remote desktop?
My goal is to have my group of users use their own username and password when RDP-ing instead of knowing that machine's username and password. But allowing them to see and manage one desktop. I guess a VNC like solution with LDAP authentication would work. Though I'm wondering if Windows has support out of the box in Windows8 or 2012.
To clarify - I don't want the users logging in to have their own desktop on that machine. And I don't want a shared user that everyone knows its password. I.e. the shared user would be preferably password-less, or at least the shared user password wouldn't be needed to impersonate it.