To allow users in an AD group to access Windows 10 desktops remotely …
1) Create the group as a global group in the AD
2) Create an OU for computers that will be in the “Remote Access Pool”
3) Create a GP object that is linked and enforced for that OU with the following settings:
In Computer Configuration – Preferences – Local Users and Groups – Group – Remote Desktop Users, add the AD group set up above with Action = Update (see screenshot below).
The Update action is required so that the Remote Desktop Users group is updated every time GP update runs.
A reboot isn't necessary but, since GP updates don't happen all the time, you might want to run this command in an administrative cmd window:
gpupdate /force
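The steps above, scripted in PowerShell as an added example that is not part of the original post. The domain DN and the group, OU and GPO names are hypothetical placeholders, and the Preferences item itself is still added in the Group Policy editor as described in step 3.

```powershell
# Added example. All names below are hypothetical placeholders; adjust them to your domain.
$DomainDN  = 'DC=corp,DC=example'
$GroupName = 'RDP-Remote-Access'
$OuName    = 'Remote Access Pool'
$GpoName   = 'Remote Access Pool - RDP Users'

function New-RemoteAccessPool {
    # Run once on a management host that has the RSAT ActiveDirectory and GroupPolicy modules.
    Import-Module ActiveDirectory, GroupPolicy

    # Step 1: global security group whose members will be allowed to connect.
    New-ADGroup -Name $GroupName -GroupScope Global -GroupCategory Security

    # Step 2: OU that holds the computers in the pool.
    New-ADOrganizationalUnit -Name $OuName -Path $DomainDN

    # Step 3: GPO linked to that OU, with the link enabled and enforced.
    New-GPO -Name $GpoName |
        New-GPLink -Target "OU=$OuName,$DomainDN" -LinkEnabled Yes -Enforced Yes
    # The Local Users and Groups item (Remote Desktop Users, Action = Update) is then
    # added to this GPO in the Group Policy editor; this script does not create it.
}

function Test-RemoteDesktopMember {
    # Run elevated on a computer in the pool: refresh policy, then list who is
    # in the local Remote Desktop Users group and mark the expected AD group.
    param([string]$ExpectedGroup = $GroupName)

    gpupdate /target:computer /force | Out-Null

    Get-LocalGroupMember -Group 'Remote Desktop Users' | ForEach-Object {
        # Member names look like DOMAIN\name; compare only the part after the backslash.
        $shortName = ($_.Name -split '\\')[-1]
        [pscustomobject]@{
            Member      = $_.Name
            ObjectClass = $_.ObjectClass
            Source      = $_.PrincipalSource
            Expected    = ($shortName -eq $ExpectedGroup)
        }
    }
}
```

Any row returned by `Test-RemoteDesktopMember` with `Expected` set to False is a member that did not come from this policy and is worth reviewing.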
Also note – you may want to carefully consider related remote desktop settings, like allowing only one remote connection and setting a realistic time for disconnecting both idle and disconnected sessions.
Lastly, be sure that you understand how to run remote desktop securely. Your systems should not be accessible from the internet. There are lots of RDP security threats, so keep them behind a firewall that does not allow access unless the user is running something like a VPN.