This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Hi Team,
I want to understand the risk of adding the "Domain Users" to "Remote Desktop Users" group in Windows Servers.
Regards,
Mahadev
there is no risk literally, but if you set for a RDS cluster whole domain users, potentially, every user that you will create could access to your RDS.
Now, as usually, every RDS user need a license so, it will also be a problem of potentially exausting licenses.
Thank you for the reply!
In our organization we added Domain Users group to "Remote Desktop users" group on multiple windows servers to provide the access to all the users to Citrix VDI (Citrix uses Remote Desktop users group to provide the access). Does this increases a open access and any security risks.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(25.6, 30%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMS%3C/text%3E%3C/svg%3E)
strange, normally with citrix and vdi you need only to add the group into the "delivery group" trought Studio
M.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(262.40000000000003, 30%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKN%3C/text%3E%3C/svg%3E)
If you are reporting RD CAL in SPLA then you should note that reporting those licenses is based on the "possibility" to connect to a remote server. So if you allow all domain users to remote into a server, you need to report every single domain users with RD CAL regardless of their usage of that remote server