This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(291.2, 73%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ED%3C/text%3E%3C/svg%3E)
Hi,
I have a user group called "Remote desktop users" which i need to add in "allow log on locally" section of User Rights Assignment in gpedit.
Following are the steps to do it manually.
This I want to achieve via powershell script.
Please help me with any suggestions.
Thanks
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 94%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EIX%3C/text%3E%3C/svg%3E)
Hi,
Is there any update? Have you got a chance to verify the below suggestions?
Please feel free to let us know if more assistance is needed. If the reply is helpful, please “Accept Answer” to help other community members find it more easily.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(268.8, 28.000000000000004%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAA%3C/text%3E%3C/svg%3E)
Why do you have "Remove-Item -Path $tmp" at the end ...Should be it be add-Item -Path $tmp?
Hi,
You can set the security group policy using secedit.
$user = "Remote desktop user"
$tmp = [System.IO.Path]::GetTempFileName()
secedit.exe /export /cfg $tmp
$settings = Get-Content -Path $tmp
$account = New-Object System.Security.Principal.NTAccount($user)
$sid = $account.Translate([System.Security.Principal.SecurityIdentifier])
for($i=0;$i -lt $settings.Count;$i++){
if($settings[$i] -match "SeInteractiveLogonRight")
{
$settings[$i] += ",*$($sid.Value)"
}
}
$settings | Out-File $tmp
secedit.exe /configure /db secedit.sdb /cfg $tmp /areas User_RIGHTS
Remove-Item -Path $tmp
Best Regards,
Ian Xue
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.