Managing Terminal Services users
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
Managing Terminal Services Users
Each user who logs on to a Terminal Services session must have a user account either on the server or in a domain on the network that the server is on. The Terminal Services user account contains additional information about the user that determines when users log on, under what conditions, and how specific desktop settings are stored. Windows Server 2003 family operating systems contain a built-in User group called Remote Desktop Users, which is used to manage Terminal Services users.
About the Remote Desktop Users group
When you install one of the Windows Server 2003 family operating systems, the Remote Desktop Users group is one of the built-in user groups on your computer. Members of this group have the same access as members of the Users group, but they have the additional ability to log on remotely to the computer.
By default, this group is not populated when you install Terminal Server on your computer. You must choose the users and groups that you want to have permission to log on remotely to the terminal server, and manually add them to the Remote Desktop Users group. This increases the security of remote connections, and also allows you to install any required programs before users start connecting to the terminal server.
The Select Remote Users button on the Remote tab of the System Properties dialog box allows you to add users to the Remote Desktop Users group. However, if a server running a Windows Server 2003 family operating system is being used as a domain controller in a Windows 2000 domain, this button is disabled. This domain controller can have domain groups, but not local groups, so in this situation you cannot use this button to add users to the Remote Desktop Users group.
For information on how to add users to the Remote Desktop Users group, see Add users to the Remote Desktop Users group.