I created a GPO for the purposes of allowing a group to log on remotely to member servers.
I assigned the group (and domainadministrator domaindomain admins) the allow logon through terminal services permission and linked the GPO to the OU with the member servers
I forced gpupdate on one of the member servers and verified in local group policy that required domain group appeared next to the Allow log on through Terminal Services permission.
I rdp’ed to the server with an account that is a member of the domain group and got a message saying that I dont have the right to log on remotely.
If i log into the server as admin and go to system properties, remote tab and click on select remote users… the domain groups dont appear in there. If i add the group in manually then members of that group can then log in.
Am i missing somethign here? I thought the point of GP was to automate this..
Perhaps i’m doing something wrong…