Query regarding what gives users permisson to log onto Windows Server

by stevee1986   Last Updated February 23, 2017 13:00 PM

I am relatively new to Windows Server and would like someone to confirm if my understanding of the permissions required for users to logon to a Windows 2008 R2 server on a Windows domain is correct:

1.Anyone in the administrators group can log into the server physically at the server or through a remote mstsc window by specifying their username in Logon window.

2.The Administrators group can do everything the other groups can

3.Anyone in the Remote Desktop group can run mstsc from a client computer and see the server's log on screen

4.Anyone in the users group can log onto the server at its login screen

So therefore the following scenarios are true

  1. user DOMAIN\JOHN is in the Remote Desktop Users on DOMAIN\SERVER1 group but not the users group on that server. User DOMAIN\JANE is in the users group but not the Remote Desktop Users group.

    John can start an mstsc from DOMAIN\PC1 as DOMAIN\JOHN and he will see the login screen but will not be able to sign in as DOMAIN\JOHN however, could sign in as DOMAIN\JANE

  2. user DOMAIN\JAMES is in the Administrators Group on DOMAIN\SERVER1 but not in the users or Remote Desktop Users group. He will be able to start an mstsc session on DOMAIN\SERVER1 from DOMAIN\PC2 as DOMAIN\JAMES and see the login screen and login as DOMAIN\JAMES

  3. user DOMAIN\JACK is in the users group on DOMAIN\SERVER1 but not in the Remote Desktop Users group. Jack can gain access to the server but only through physical access to the server itself (because he cannot get to the server via RDP)

  4. USER DOMAIN\JILL is logged into DOMAIN\PC1, runs mstsc, enters the username DOMAIN\JOHN in the Logon settings of mstsc, sees the server login screen and enters DOMAIN\JANE and the server desktop appears

Sorry if this seems fairly trivial but it is my understanding from a bit of reading and it would be great if someone could confirm if I am correct



Related Questions


Windows Server 2008 r2 security permissions

Updated December 20, 2017 12:00 PM