Manage remote desktop policy and permissions
By default, remote desktop access is only granted to Administrators and only if Remote Desktop is enabled on the target machine. To grant access to other users, or change the users or groups with remote desktop permission follow the steps below.
If permissions aren't properly granted, you may receive one of the error messages outlined in the logon access policy and permission errors topic.
Grant terminal services log on permission
To grant log on permission for a user, perform the following steps:
- Run gpedit.msc to open the Group Policy editor
- Navigate to the following location:
Local Computer Policy\Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment - Double-click the "Allow logon through Terminal Services" item
- Add the account in question to the list of allowed users
Enable remote desktop for user
To add a user to the remote desktop allowed user list, perform the following steps:
- Open the System Properties control panel applet
- Select the Remote tab
- Click the Select Users button
- Click the Add button in the dialog that appears
- Select the user and click the OK button
Enable remote desktop access for a machine
If you have physical access to a machine, you can enable remote desktop access by performing the following steps:
- Open the System Properties control panel applet
- Select the Remote tab
- Select the radio button to enable Remote Desktop
If you don't have physical access, you can follow the steps outlined in the remotely enable Remote Desktop topic.