Remote Desktop Access to terminal servers (Windows 2008 is called RDS, remote destop services) is a frequently used deployment method for customers with poor network conditions.
In general, the terminal server is deployed separately from the domain server. If you add RDS to the domain server, a warning will be given for security reasons, such as being insecure, however, you can purchase a server for testing or small companies. The so-called all in one box...
If you deploy apsaradb for RDS on the Domain Server, by default, only users in the domain administrator group can access the server through remote desktop, even if you add users to the Remote Desktop Users group, the following message is displayed during logon:
This is because on the Domain Server, the Remote Desktop Users group does not have the permission for remote access by default, although the name is quite the same. Remote access is granted by default only on non-domain controllers.
Solution:
Modify the Group Policy to allow remote access.
1. Open gpmc
Run-> enter gpmc. MSC
2. Modify the default Domain Policy
3. Add the Administrator group and Remote Desktop Users to the allowed list.
4. Running gpupdate is a group policy that takes effect.