I am relatively new to Windows Server and would like someone to confirm whether my understanding of the permissions required for users to log on to a Windows 2008 R2 server on a Windows domain is correct:
1. Anyone in the Administrators group can log into the server physically at the server or through a remote mstsc window by specifying their username in the Logon window.
2. The Administrators group can do everything the other groups can.
3. Anyone in the Remote Desktop group can run mstsc from a client computer and see the server's logon screen.
4. Anyone in the Users group can log onto the server at its login screen.
So, therefore, the following scenarios are true:
User DOMAIN\JOHN is in the Remote Desktop Users group on DOMAIN\SERVER1 but not the Users group on that server. User DOMAIN\JANE is in the Users group but not the Remote Desktop Users group.
John can start an mstsc session from DOMAIN\PC1 as DOMAIN\JOHN and he will see the login screen but will not be able to sign in as DOMAIN\JOHN; however, he could sign in as DOMAIN\JANE.
User DOMAIN\JAMES is in the Administrators group on DOMAIN\SERVER1 but not in the Users or Remote Desktop Users group. He will be able to start an mstsc session on DOMAIN\SERVER1 from DOMAIN\PC2 as DOMAIN\JAMES, see the login screen and log in as DOMAIN\JAMES.
User DOMAIN\JACK is in the Users group on DOMAIN\SERVER1 but not in the Remote Desktop Users group. Jack can gain access to the server, but only through physical access to the server itself (because he cannot get to the server via RDP).
User DOMAIN\JILL is logged into DOMAIN\PC1, runs mstsc, enters the username DOMAIN\JOHN in the Logon settings of mstsc, sees the server login screen and enters DOMAIN\JANE, and the server desktop appears.
Sorry if this seems fairly trivial, but it is my understanding from a bit of reading, and it would be great if someone could confirm whether I am correct.
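
The scenarios above depend on two things on SERVER1: who is in the three local groups, and which accounts or groups are assigned the local and Remote Desktop logon rights. As an added example (not part of the original post), this PowerShell lists both when run from an elevated prompt on the server; the temp file name is an arbitrary choice and the friendly labels are the names shown in the Local Security Policy console.

```powershell
# Added example. Run elevated on the server; works with PowerShell 2.0 (Windows Server 2008 R2).

# User-right constants and the policy names they correspond to
$rights = @{
    'SeInteractiveLogonRight'           = 'Allow log on locally'
    'SeRemoteInteractiveLogonRight'     = 'Allow log on through Remote Desktop Services'
    'SeDenyInteractiveLogonRight'       = 'Deny log on locally'
    'SeDenyRemoteInteractiveLogonRight' = 'Deny log on through Remote Desktop Services'
}

# Export only the user-rights section of the effective local security policy
$cfg = Join-Path $env:TEMP 'user_rights.inf'   # arbitrary file name
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null

# secedit writes principals as *SID; translate them to DOMAIN\name where possible
function Resolve-Principal([string]$entry) {
    $entry = $entry.Trim()
    if (-not $entry.StartsWith('*S-1-')) { return $entry }
    $sid = New-Object System.Security.Principal.SecurityIdentifier($entry.TrimStart('*'))
    try   { return $sid.Translate([System.Security.Principal.NTAccount]).Value }
    catch { return $sid.Value }   # unresolvable SID: show it as-is
}

# Print each logon right with the accounts and groups that hold it
foreach ($line in Get-Content $cfg) {
    if ($line -match '^(\w+)\s*=\s*(.*)$' -and $rights.ContainsKey($Matches[1])) {
        $label   = $rights[$Matches[1]]
        $holders = $Matches[2].Split(',') | ForEach-Object { Resolve-Principal $_ }
        '{0}: {1}' -f $label, ($holders -join ', ')
    }
}
Remove-Item $cfg

# Members of the three local groups the question is about
foreach ($group in 'Administrators', 'Remote Desktop Users', 'Users') {
    "--- $group ---"
    net localgroup $group
}
```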