Jump to content

Add Group/Users to Remote Desktop User


ikevin

Recommended Posts

Hey guys, I am just learning how to write batch files to automatically do commands that I want done with each machine I build for the company I work for.

I was wondering, does anyone know a script I can use in a bat file to enable Remote Desktop Users for a windows xp machine and then add two groups to the user list (signicorp\Domain Admins and signicastdomain\Domain Admins)?

All I want is those two groups to be added to the Remote Desktop Connection Users list.

If you need any more details about what I am looking for a solution to, just reply with what you would like to know.

Thank you very much for all your help and support! It is greatly appreciated.

Thanks!

Link to comment
Share on other sites


I got part of an answer... I have been looking into this for about a week or so now..

This is how I do it..

I use a .adm file and import it into my domain group policy to enable Remote Desktop on all my workstations..

Here is the text for the adm file..

CLASS MACHINE
CATEGORY "Remote Desktop Configuration"
KEYNAME     "SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services"

POLICY !!DENY_CONNECT
 #if version >= 4
  SUPPORTED !!WinXP
 #endif
 EXPLAIN  !!DENY_CONNECT_EXPLAIN
 ACTIONLISTON
  VALUENAME "fDenyTSConnections" VALUE NUMERIC 1
 END ACTIONLISTON
 ACTIONLISTOFF
  VALUENAME "fDenyTSConnections" VALUE NUMERIC 0
 END ACTIONLISTOFF
END POLICY
End Category

[strings]
WinXP="At least Windows XP Professional or .NET Server"
DENY_CONNECT="Do not allow client connections"
DENY_CONNECT_EXPLAIN="Prevents remote desktop connections to the system."

This part works fine..

As for the users... lemme know if you figure it out... I have been looking into a few WMI scripts but I am no programmer and am having little luck with other peoples pre-made scripts.

Edited by chilifrei64
Link to comment
Share on other sites

Right as I posted I thought of something in my head...

In the same group policy... (or another one if you wish) Go to:

Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> User Rights Assignments

-> Select "Allow Log on through Terminal Services" -> add your groups

I just tested it at the client I was trying to get it done for.. Works Great!!

Thanks for spuring my thinking process

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...