You may use the following Group Policy Object (GPO) settings to configure the Remote Desktop Protocol (RDP) settings in a Windows Server 2003 R2 Active Directory (AD) domain.
To configure the Remote Desktop Protocol settings, open the Group Policy Management Console (GPMC) and create a Group Policy. This may be done by right-clicking the Group Policy Objects organizational unit (OU) and selecting New. Additionally, you may right-click the OU that contains the desktop(s) of your user(s) and select Create a GPO in this domain, and Link it here…. In the New GPO dialog box, name the GPO Remote Desktop Protocol. Right-click the newly created GPO and select Edit… from the context menu. Once the GPO opens, navigate to the following setting.
Computer Configuration > Policies > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connections
Enable the setting “Allow users to connect remotely using Remote Desktop Services”.
Additionally, you may add users or groups to the BUILTIN\Remote Desktop Users group. This will allow all of the users in that group to utilize Remote Desktop Services. To do so, navigate to the following setting.
Computer Configuration > Policies > Windows Settings > Security Settings > Restricted Groups
Right-click Restricted Groups and select the option to Add Group…. In the Add Group dialog box, click Browse…. Type Remote Desktop Users in the dialog box, then click Check Names and OK. Click OK again in the Add Group dialog box. Please keep in mind that this GPO uses the BUILTIN\Remote Desktop Users group for simplicity.
In the Remote Desktop Users Properties dialog box you may add groups that you have created or make the Remote Desktop Users group a member of another group. Choose the option that works best for your environment. I recommend creating a group or groups and nesting them in the Remote Desktop Users group to simplify the administration of your Active Directory environment.
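To confirm on a client what the GPO actually granted, the following added example (not part of the original post) reads the registry value behind the "Allow users to connect remotely" policy and lists who ended up in Remote Desktop Users. It assumes an English-language Windows install, an elevated PowerShell session, and the function names are illustrative.

```powershell
# Added example: run locally, elevated, on a client that received the GPO.
function Get-RdpPolicyState {
    # Value written by "Allow users to connect remotely using Remote Desktop Services"
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
    # Local setting, used only when the policy is Not Configured
    $localKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $name      = 'fDenyTSConnections'

    $policy = (Get-ItemProperty -Path $policyKey -Name $name -ErrorAction SilentlyContinue).$name
    $local  = (Get-ItemProperty -Path $localKey  -Name $name -ErrorAction SilentlyContinue).$name

    # The policy value wins when present; 0 = connections allowed, 1 = denied
    if ($null -ne $policy) { $source = 'Group Policy';  $effective = $policy }
    else                   { $source = 'Local setting'; $effective = $local }

    New-Object PSObject -Property @{ Source = $source; RdpAllowed = ($effective -eq 0) }
}

function Get-RdpGroupMembers {
    # WinNT provider works on older PowerShell versions; group name assumes English Windows
    $group = [ADSI]"WinNT://$env:COMPUTERNAME/Remote Desktop Users,group"
    foreach ($m in @($group.Invoke('Members'))) {
        $path  = $m.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $m, $null)
        $class = $m.GetType().InvokeMember('Class',   'GetProperty', $null, $m, $null)

        # Flag entries that deserve a second look:
        #  - individual users added directly instead of through a nested group
        #  - very broad groups that give most of the domain RDP logon rights
        $note = ''
        if ($class -eq 'User') { $note = 'direct user member; prefer a nested group' }
        if ($path -match '(Domain Users|Authenticated Users|Everyone)$') {
            $note = 'broad group; review whether this is intended'
        }

        New-Object PSObject -Property @{
            Member = $path -replace '^WinNT://', ''
            Type   = $class
            Review = $note
        }
    }
}

Get-RdpPolicyState  | Format-List
Get-RdpGroupMembers | Format-Table Member, Type, Review -AutoSize
```

Run `gpupdate /force` first if the GPO was linked recently, so the output reflects the current policy rather than a cached one.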
Enjoy!