Hi Jamie, Thanks for tip. Works a treat! Regards, Robert Mariani From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Nelson, Jamie Sent: Wednesday, 15 October 2008 1:22 AM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Re: RDP Via GPO Why don't you just use Restricted Groups policy to add "Normal Staff Members" to the "Remote Desktop Users" group? Jamie Nelson | Operations Consultant | BI&T Infrastructure-Intel | Devon Energy Corporation | Work: 405.552.8054 | Mobile: 405.200.8088 | http://www.dvn.com <http://www.dvn.com/> From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Robert Mariani Sent: Monday, October 13, 2008 10:54 PM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] RDP Via GPO Hi All, I'm having a bit of trouble getting RDP via GPO to work connecting to XP clients as normal domain users. I have created a GP with the following settings that applies to the Computer object in the AD Computer/Policies/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Allow logon through TS: <domain>\Domain Admins, <domain>\Normal Staff Members, BUILTIN\Remote Desktop Users, BUILTIN\Administrators. Computer/Admin Templates/Windows Components/Terminal Services/Terminal Server/Connections/Allow users to connect remotely using Terminal Services: Enabled The users that I want to logon remotely as are part of the "Normal Staff Members". The message I get after logging in as the user is Domain admin can login ok and also if I manually add the user to the local Remote Desktop Users group. Any ideas? Regards, Robert Mariani ________________________________ Confidentiality Warning: This message and any attachments are intended only for the use of the intended recipient(s), are confidential, and may be privileged. If you are not the intended recipient, you are hereby notified that any review, retransmission, conversion to hard copy, copying, circulation or other use of all or any portion of this message and any attachments is strictly prohibited. If you are not the intended recipient, please notify the sender immediately by return e-mail, and delete this message and any attachments from your system.