Installing RD Session Host on a Domain Controller

Updated: February 16, 2011

Applies To: Windows Server 2008 R2

Installing the RD Session Host role service on an Active Directory domain controller is not recommended. Allowing users to run programs on a domain controller could create security risks and performance issues.

If the RD Session Host role service is installed on a domain controller, the security settings of the domain controller will need to be adjusted to allow users to have remote access to the server. This remote access is controlled by the Allow logon through Remote Desktop Services user rights assignment, which can be configured by using the Group Policy Management Console (GPMC).

On a domain controller, by default, only the Administrators group is granted the Allow logon through Remote Desktop Services user right. To allow remote access to the RD Session Host server for users who are not members of the Administrators group, you should grant the Remote Desktop Users group the Allow logon through Remote Desktop Services user right.

For more information about using GPMC to configure user rights assignments, see the Group Policy Management Console Help in Windows Server 2008 R2.

For more information about licensing requirements for Remote Desktop Services, see the Remote Desktop Services Design Guide to be published on the Windows Server 2008 R2 Remote Desktop Services TechCenter (https://go.microsoft.com/fwlink/?LinkId=138055).