Windows Server AD 2022 - Add a domain user to the local group "Remote Desktop Users" via G

Time:07-08

I must add a domain user to the local group "Remote Desktop Users" via GPO.

And since I'm building Domain Controller images in an automated way, I want to use PowerShell to create a policy that makes a domain user a member of the Remote Desktop Users local group on each domain-joined Windows client machine.

I've been trying to manage the Restricted Groups from a GPO via PowerShell, but without success. I found the following code, but it only returns an .xml in which I can check the groups located in the Restricted Groups of a GPO. https://social.technet.microsoft.com/Forums/en-US/a956c361-3852-4ec2-a6e3-15475e67bdaa/listing-gpo-restricted-groups-with-powershell?forum=winserverpowershell

If there's a way to export the GPO as .XML or any other format, edit it and import those changes, that would also be fine.

Another forum post that I found is a good solution, but it's still manual. I'd like to automate those steps via PowerShell, but it has been hard to do. https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/using-group-policy-preferences-to-manage-the-local-administrator/ba-p/259223

Please, does anyone know some automated way to create a GPO that includes a domain user to a local group?

Thanks all!

CodePudding user response:

Try **Invoke-Command** and **Add-LocalGroupMember**

```powershell
# $Servers: list of target computer names
ForEach ($ServerName in $Servers)
{
    Invoke-Command -ComputerName $ServerName -ScriptBlock {
        Add-LocalGroupMember -Group "Remote Desktop Users" -Member "Admin02", "MicrosoftAccount\[email protected]", "AzureAD\[email protected]", "CONTOSO\Admins"
    }
}
```

CodePudding user response:

https://social.technet.microsoft.com/wiki/contents/articles/20402.active-directory-group-policy-restricted-groups.aspx

Create a new GPO: Computer Configuration / Policies / Windows Settings / Security Settings / Restricted Groups

Or, if it needs to be done by a PowerShell script, create a GPO (see "Configuring PowerShell Startup Scripts with Group Policy")

and launch the script:

```powershell
Add-LocalGroupMember -Group "Remote Desktop Users" -Member "Admin02", "MicrosoftAccount\[email protected]", "AzureAD\[email protected]", "CONTOSO\Admins"
```
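
A startup-script variant of the command above, as an added example that is not part of the original answers: a GPO startup script runs at every boot, so it has to tolerate the account already being a member and report names that cannot be resolved. The account `CONTOSO\rdp-user01`, the log path and the function name `Add-RdpGroupMember` are hypothetical; the group is addressed by its well-known SID `S-1-5-32-555` so the script does not depend on the group's display name.

```powershell
# Added example: idempotent startup script for a GPO (runs as LocalSystem at boot).
Import-Module Microsoft.PowerShell.LocalAccounts

$Members     = @('CONTOSO\rdp-user01')                      # hypothetical domain account
$RdpGroupSid = 'S-1-5-32-555'                               # BUILTIN\Remote Desktop Users
$LogFile     = "$env:ProgramData\rdp-group-startup.log"     # hypothetical log path

function Add-RdpGroupMember {
    param(
        [Parameter(Mandatory)] [string]   $GroupSid,
        [Parameter(Mandatory)] [string[]] $Member
    )
    foreach ($m in $Member) {
        try {
            Add-LocalGroupMember -SID $GroupSid -Member $m -ErrorAction Stop
            [pscustomobject]@{ Member = $m; Result = 'Added' }
        }
        catch [Microsoft.PowerShell.Commands.MemberExistsException] {
            # Expected on every boot after the first one.
            [pscustomobject]@{ Member = $m; Result = 'AlreadyMember' }
        }
        catch [Microsoft.PowerShell.Commands.PrincipalNotFoundException] {
            # Name did not resolve: typo, deleted account, or no DC reachable yet.
            [pscustomobject]@{ Member = $m; Result = 'NotFound' }
        }
        catch {
            [pscustomobject]@{ Member = $m; Result = "Failed: $($_.Exception.Message)" }
        }
    }
}

$results = Add-RdpGroupMember -GroupSid $RdpGroupSid -Member $Members

# Keep a local record of what changed so membership additions can be reviewed later.
foreach ($r in $results) {
    $line = '{0:s} {1} {2} -> {3}' -f (Get-Date), $env:COMPUTERNAME, $r.Member, $r.Result
    Add-Content -Path $LogFile -Value $line
}

# A non-zero exit code marks the run as failed when any member was not added.
if ($results | Where-Object { $_.Result -notin 'Added', 'AlreadyMember' }) { exit 1 }
```

Keep the member list as short as possible and prefer a dedicated domain group over individual accounts, since every name listed gains RDP logon rights on each machine the GPO applies to.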