If a domain user ever attempts to RDP to a Citrix Virtual Desktop Agent (VDA) they see an Access denied error.
Non-brokered access to server VDA which is part of the Xendesktop site is controller through a local group named Direct Access Users. Standard users who are part of this group, will be able to connect to the server through RDP directly (Non-brokered connection). Follow the instructions below to add the users who require direct access to the server:
Create a global security group in Active Directory Users and Computers, add the users that you want to have RDP access to the VDA.
Add the newly created security group to the Direct Access Users local group on the VDA.
RDP to the VDA using an account that is part of the security group.
The VDA must be registered with the Controller for Domain Users to RDP. You must create a machine catalog and delivery group.