# Solved: RDP users access is not Administrator



## plschley (Apr 11, 2007)

I have a permissions issue for a user who needs access to my DC from outside the network. This user needs access to IE so he is able to reach his interface for maintenance of his equipment. 

In Active Directory Users and Computers, under Users, I added a new user and named it RDP, giving a username and password. He can RDP into the DC. For some reason, he does not have any permission to open up IE. When I login from outside the network using his account, I have no problems getting to the DC but I can't access IE as well. I want this account to be limited, not an Administrators account, but this account does need access to Internet Explorer. 

So far this is what I have tried. Under the RDP User Account Properties I created, in the Members Of tab, I added the Builtin Securities Group- Remote Desk Top. Under Start > Admin Tools > Local Security Policy > Security Settings > Local Policy > User Rights > I added this account to Allow logon through Remote Desktop Services. Im struggling on how to give permissions to this user. Any help would be greatly appreciated.


----------



## PK-her0 (Sep 17, 2007)

shouldnt RDP be added to the domain users group?


----------



## Swiper (Mar 14, 2003)

What OS is this user logging into 
2003 or 2008
are they able to launch IE, but not surf ?
or they can't launch IE at all, and if so, what is the error that comes up ?


if they can open up IE, but not browse
do you have valid dns servers on the server for browsing. ( can you ping to something like 8.8.8.8 ? ) (can you ping google.com ? )

if you are getting an error with regards to Internet Explorer Enhanced Security Configuration IE ESC ?
are you allowing this person to actually log into the DC or onto a server through the DC(domain) ?

if this is the error then
in 2003, you need to go to add/remove programs, window components and uncheck IE Security Config
in 2003, under server manager, highlight the Server Manager (the very top)
on the far right about half way down is IE ESC
you need to go in there and allow Administrators and/or Users to access the internet ( or on this window, turn OFF ie esc )


----------



## mtkya (Dec 7, 2012)

What I did was adding the RDP users to a new Group in the AD and then configure the group policy for that particular group.


----------



## plschley (Apr 11, 2007)

Hi everyone, sorry I&#8217;m late. 
Swiper, I&#8217;m setting up RDP on W2008R2 and when I log in as this user I created, I do not get any errors; IE launches right away but closes just as fast. If I long in an admin, all is fine. Based on that, I feel it's a permission issue. 

PK-her0, I considered moving this user account to my Domain Users Group rather than Users. I put the RDP User in the Users Group because the other Admin had put several remote users there. 

Mtkya, how did you set up yours? Do you recall what policies you use? I have found limited information about that too. Like you and Mtkya suggested, I thought about adding a Group in my domain called RDP; put this user there as well. It would be easier to control with group policy there too.Did you have to add the user to the Remote Desktop Users list as well? Any help is always appreciated and thank you.


----------



## plschley (Apr 11, 2007)

Mtkya, what permissions does your RDP users have? Can they use the internet?


----------



## mtkya (Dec 7, 2012)

Yes our RDP users have access to internet. Also try add your terminal users or group to the "Terminal Services configuration -> Permissions"


----------



## plschley (Apr 11, 2007)

I got it to work. I added a new Organizational Unit to the domain and called it RDP_ Group. In there I added a new user with a user name and password and made it part of the security group called RDP Users. I added Remote Desktop and RDP Users to members of and all is well. I will have to add a few policies, but this is a good start. Thank you for all of your help. I appreciate it.


----------

