How to use Group Policy to systematically allow TruGrid Users and Computers RDP access

Overview

Each remote machine that will be connected to via TruGrid must have Remote Desktop connections allowed, and this is not enabled by default. The same can be done for Users.

This article covers how to set up Remote Desktop access programmatically for members of the TruGrid-related groups (TG-USERS and TG-COMPUTERS).


This article is written for client System Administrators. This procedure, if not followed correctly, could expose your network to security risks, so please proceed with caution.


For a reduced scope, please see this article covering how to do this on an individual-machine basis.


Creating the Computer policy

This policy will ensure that the Remote Desktop service is enabled for all TG-COMPUTERS member devices.


  1. On your company's Domain Controller, navigate to "Group Policy Management" and create a new Group Policy. Please choose a descriptive name (e.g. TruGrid RDP Policy).
  2. Navigate to: Computer Configuration > Policies > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connections and make sure that the Setting is "Enabled".
  3. Navigate to: Computer Configuration > Policies > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security and make sure the setting "Require user authentication for remote connections by using Network Level Authentication" is enabled.
  4. Make sure the policy is set to target the "TG-COMPUTERS" security group and that it is linked to the domain in a position that will allow it to apply to all the PCs that might need it. It's important to target the policy at only the group of PCs that need it; if it is left targeted to the entire domain, it could pose a security risk.
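
The following audit script is an added example, not TruGrid's own tooling. It checks the finished Computer policy against the steps above: connections allowed, Network Level Authentication required, and security filtering limited to the target group. It assumes the GPO was given the example name "TruGrid RDP Policy" and that the GroupPolicy RSAT module is available; the registry value names are the ones Windows uses to store these two Remote Desktop Session Host policies.

```powershell
# Added example: audit the TruGrid RDP GPO. Run where the GroupPolicy
# RSAT module is installed (for example on the Domain Controller).
Import-Module GroupPolicy

$GpoName     = 'TruGrid RDP Policy'   # assumption: example name from the first step
$TargetGroup = 'TG-COMPUTERS'
# Registry location behind the Remote Desktop Session Host policy settings
$TsKey = 'HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

function Get-GpoPolicyValue {
    param([string]$ValueName)
    try {
        (Get-GPRegistryValue -Name $GpoName -Key $TsKey -ValueName $ValueName -ErrorAction Stop).Value
    } catch {
        $null   # the setting is "Not Configured" in this GPO
    }
}

function Test-TruGridRdpGpo {
    $findings = @()

    # Connections setting: "allow" is stored as fDenyTSConnections = 0
    if ((Get-GpoPolicyValue 'fDenyTSConnections') -ne 0) {
        $findings += 'Remote Desktop connections are not enabled by this GPO.'
    }
    # Security setting: NLA is stored as UserAuthentication = 1
    if ((Get-GpoPolicyValue 'UserAuthentication') -ne 1) {
        $findings += 'Network Level Authentication is not enforced by this GPO.'
    }
    # Security filtering: only the target group should hold Apply permission
    $applyTo = @(Get-GPPermission -Name $GpoName -All |
        Where-Object { $_.Permission -eq 'GpoApply' -and -not $_.Denied } |
        ForEach-Object { $_.Trustee.Name })
    if ($applyTo -notcontains $TargetGroup) {
        $findings += "$TargetGroup does not have Apply permission."
    }
    foreach ($extra in ($applyTo | Where-Object { $_ -ne $TargetGroup })) {
        $findings += "GPO also applies to '$extra'; narrow the security filtering."
    }
    $findings
}

$result = Test-TruGridRdpGpo
if ($result) { $result | ForEach-Object { Write-Warning $_ } }
else         { Write-Output "$GpoName enables RDP with NLA for $TargetGroup only." }
```

A warning that the GPO also applies to "Authenticated Users" means the default security filtering was never removed, which is the whole-domain exposure the last step warns about.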

Creating the User policy

This policy will ensure that the Remote Desktop service is enabled for all TG-COMPUTERS member devices.


  1. In the same GPO editor, navigate to: Computer Configuration > Preferences > Control Panel Settings > Local Users and Groups
  2. Right-click in the right pane and select New > Local Group.
  3. Configure the group entry:
     - Action: Update
     - Group name: Select Remote Desktop Users (built-in) from the dropdown
     - Under Members, click Add
     - Enter the domain-qualified group name: YOURDOMAIN\TG-USERS
     - Click OK
  4. Click OK to save the preference item.

Updated on: 13/04/2026