Similar question at How can I limit the users that have remotely access to PC using xrdp.ini configuration file?
So by default, xrdp will allow any user to perform the remote connection....
To allow only certain users to perform an rdp connection via the XRDP server, you will need to perform the following
Create a group called tsusers
In this group, you add all users that will be allowed to perform the remote session
in the /etc/xrdp/sesman.ini, locate the Section [Security] and change the line 'AlwaysCheckGroup from false to true'
[Security]
AllowRootLogin=true
MaxLoginRetry=4
TerminalServerUsers=tsusers
TerminalServerAdmins=tsadmins
; When AlwaysGroupCheck=false access will be permitted ; if the group TerminalServerUsers is not defined.
AlwaysGroupCheck=**false**
So, your file should be looking like this
[Security]
AllowRootLogin=true
MaxLoginRetry=4
TerminalServerUsers=tsusers
TerminalServerAdmins=tsadmins
; When AlwaysGroupCheck=false access will be permitted
; if the group TerminalServerUsers is not defined.
AlwaysGroupCheck=**true**
Restart the machine or restart the xrdp daemon and give it a try All users being part of this group will be allowed to connect via rdp if users are not part of this group, they will get a popup and will not be allowed to perform their remote session
Refer to sesman.ini Man page to obtain more information
Hope this help
tsusers
has to be a linux group or is it a group defined in/etc/xrdp/sesman.ini
? – Raja Ayaz Dec 17 '22 at 07:39