Windows/Server: Difference between revisions

Active Directory

• Rename server

Rename-Computer -NewName "RDS" -Restart

• Server Manager -> Add roles -> Active Directory Domain Services + DNS

Install-WindowsFeature AD-Domain-Services, DNS -IncludeManagementTools

• Active Directory -> Promote -> Add new forest (ad.example.de)

Install-ADDSForest -DomainName "ad.example.com" -DomainNetbiosName "AD"

Remote Desktop Services

• Add user group

Import-Module ActiveDirectory
New-ADGroup "RDS allow log on" -GroupScope Global -GroupCategory Security

• Install role

Install-WindowsFeature RDS-RD-Server,RDS-Licensing -IncludeManagementTools
Restart-Computer

• Group Policy Management
  • Forest → Domains → ad.example.de → Right click: Domain Controllers → Create GPO: "RDS"
  • Right click: "RDS" → Edit
    • Computer Configuration → Policies → Administrative Templates → Windows Components → Remote Desktop Services → Remote Desktop Session Host → Licensing
      • Use the specified Remote Desktop license servers: Enable and add Server FQDN
      • Set the Remote Desktop licensing mode: Per User
    • Computer Configuration → Policies → Windows Settings → Security Settings → Local Policies → User Rights Assignment
      • Allow log on through Remote Desktop Services → add "RDS allow log on"
• Update policies

gpupdate

• Verify policies
  • "secpol"

• Enable users - Add users to groups:
  • Remote Desktop Users
  • RDS allow log on