Configuring Remote Desktop Users allows IT teams to control who can access systems remotely. Remote access software enables technicians to control devices remotely for troubleshooting, application management, and remediation. However, Remote Desktop can pose security concerns due to security vulnerabilities, so properly managing Remote Desktop Users in Windows effectively allows technicians to provide more secure remote support.
This blog will guide you through the essentials of enabling Remote Desktop Users on Windows and go in-depth on adding or removing users in a group.
Best way to manage Remote Desktop Users in Windows
Before Access to edit user groups requires admin permissions on the system. Remote Desktop also needs to be enabled on the devices to allow remote desktop connections. Also consider the version of Windows you are working with. Lastly, make sure that the version of Windows you’re working with is compatible with Remote Desktop Users Groups. Windows 7 Starter, Windows 7 Home, Windows 8 Home, Windows 8.1 Home, and Windows 10 Home do not support the Remote Desktop client.
How to add a user to Remote Desktop Users Group
How to add a user to Remote Desktop Users group using Windows GUI
- Press Win + R and enter “compmgmt.msc” to open Computer Management.
- Expand Local Users and Groups and then click on Groups.
- Double-click the Remote Desktop Users group in the right panel.
- Select “Add…” and then type in the usernames you want to add. Alternatively, you can go to Advanced > Find Now to browse available accounts.
- When you’re done selecting all the users, click OK to confirm the change.
How to add a user to Remote Desktop Users group using PowerShell
- If you have Administrator privileges, open an elevated Powershell.
- Enter this script below and replace “User” with the username you want to add:
[code block]Add-LocalGroupMember -Group “Remote Desktop Users” -Member “User”[/code block] - You can verify if the user was added by inputting this into PowerShell:
[code block]Get-LocalGroupMember -Group “Remote Desktop Users”[/code block]
How to add a user to Remote Desktop Users group using Command Prompt
- If you have Administrator privileges, open an elevated Command Prompt.
- Enter this code to add a user to the Remote Desktop Users group. Make sure to replace <User> with the username you wish to add:
[code block]net localgroup “Remote Desktop Users” <User> /add [/code block] - Press Enter.
How to remove a user from Remote Desktop Users Group
How to remove a user from Remote Desktop Users group using Windows GUI
- Press Win + R and enter “compmgmt.msc” to open Computer Management.
- Expand Local Users and Groups and then click on Groups.
- Double-click the Remote Desktop Users group.
- Highlight all the users to remove, and then click Remove.
- Apply these changes by clicking “Ok”.
How to remove a user from Remote Desktop Users group using PowerShell
- Open PowerShell as an administrator.
- Enter this script below and replace “User” with the username you want to add:
[code block]Remove-LocalGroupMember -Group “Remote Desktop Users” -Member <Username>[/code block] - To check if the user was successfully deleted, by enter this into PowerShell:
[code block]Get-LocalGroupMember -Group “Remote Desktop Users”[/code block].
How to remove a user from Remote Desktop Users group using Command Prompt
- As an administrator, open an elevated Command Prompt.
- Enter this, but replace <User> with the username you want to add:
[code block]net localgroup “Remote Desktop Users” <User> /delete [/code block] - Press Enter to confirm the user’s removal.
What is the Remote Desktop Users Group?
The Remote Desktop Users group is a user group for Windows devices. It is designed to control who can remotely access endpoint devices via Remote Desktop Protocol (RDP). Members of a Windows Remote Desktop Users Group are given specific permissions to establish remote sessions with a device while still restricting access to core system functions.
Enable your technicians to provide faster remote support by following our guide on Remote Access best practices.
Permissions granted to Remote Desktop Users Group members
Being part of a Remote Desktop Users Group grants the members privileges. Users can log in to remote systems even if they do not have full administrative privileges. Additionally, while members have remote access, the group does not allow them to modify critical system configurations unless their individual accounts have administrator-level privileges.
Security issues caused by improper Remote Desktop User Group management
Unsecure or weak credentials
RDP remote logins require a password to access. However, these passwords can be anything set by the end-user who may not consider password strength. Weak login credential make devices more susceptible to brute force attacks.
Data breaches
Hackers can exploit compromised or poorly managed remote desktop connections to gain unauthorized access to devices. This often leads to a data breach, which can compromise, lose, or expose sensitive files.
Unrestricted port access
Remote Desktop Protocol (RDP) connections typically occur at the host device’s TCP port 3389, which allows hackers to target this port and gain unauthorized access. Improper management of remote desktops leaves this port vulnerable to attacks.
Troubleshooting Windows Remote Desktop Users Group errors
“User Still Unable to Connect” message
Make sure that Remote Desktop is enabled on the host machine. You can do this by navigating to Settings > Remote Desktop. Accounts could also lack the required permissions due to local security policies.
Firewall blocking RDP
Ensure that firewalls on the host or network allow inbound traffic on TCP port 3389.
Errors caused by Group Policy conflicts
Generate a policy report to check if any domain or local group policies conflict with your RDP access settings. Click Win + R and then enter “gpresult /h report.html” to get a report of all your policies.
IP address problems
Check if the remote machine has a static or dynamic IP. You can use “ipconfig /all” via Windows Command Prompt.
Best practices for Remote Desktop access management
Limit RDP access
Follow the principle of Least Privilege Access to prevent any unauthorized RDP access. The fewer users with RDP access, the smaller the attack surface.
Implement 2FA for security
Two-factor authentication (2FA) strengthens remote access security by adding an extra layer of protection.
Consistently update user access permissions
Regularly audit the Remote Desktop Users group so that you can remove accounts that no longer require access.
Frequently Asked Questions (FAQs)
-
Can I add users to the Remote Desktop Users Group remotely?
Yes, but first, you have to ensure you have administrative access to the machine before attempting this. You can use remote management tools like PowerShell or a third-party application such as NinjaOne.
-
What happens if I remove a user from the Remote Desktop Users Group?
Once removed, the user will no longer initiate new remote sessions to the machine. Any active RDP session they have will remain operational until it’s disconnected or the system restarts.
-
Are there alternative ways to manage RDP access?
Yes, there are multiple methods to manage Remote Desktop Users on Windows, such as Active Directory (AD) Group Policies, which allow domain users to control RDP permissions.
Speed up your Windows management and remote desktop processes with NinjaOne’s all-in-one tool.
Not sure what IPConfig is? We’ve got you — hit play!
Easily and quickly manage Remote Desktop Users on Windows
Proactively configuring Remote Desktop Users minimizes the chance of a cyberattack, while also providing technicians with a simpler remote access user experience. Regularly check your Remote Desktop Users group membership to confirm that no unauthorized users have been added.
NinjaOne consolidates Windows endpoint management with remote access software into a single pane of glass, making it more efficient for IT teams and managed service providers (MSPs) to manage at scale. To give IT teams more flexibility, NinjaOne also offers seamless integration with industry-leading remote control tools. In fact, NinjaOne’s customers have seen an average reduction in ticket volumes and resolution time of 94%. Reduce your tech stack while increasing the visibility and control of your devices with NinjaOne. Get started with a free trial today.
