Yes if a user is in the Remote Desktop Users group then he can log on, start the desktop and run applications.
By default, members of the Administrators group have this right on domain controllers, workstations, and servers. The Remote Desktops Users group also has this right on workstations and servers.
To control who can open a Remote Desktop Services connection and log on to the device, add users to or remove users from the Remote Desktop Users group.
You can adjust this by using this policy.
Allow log on through Remote Desktop Services
https://learn.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/allow-log-on-through-remote-desktop-services
Hope this resolves your Query!!
--------------
--If the reply is helpful, please Upvote and Accept it as an answer--