LDAP & RDP FVM

Hi,

i have a problem configuring LDAP server authentication on a fortigate VM.

FVM 5.6.6

Windows 2012 (RDP server) and Domain Controller 

Everyone in that office connect to this RDP server to work (Via VPN).Now they have installed a web program for internal work.

When they are connected to the rdp server I need to let navigate (http and https) user i want (administrators): the others shouldn't. I've setup an LDAP server and i've "Selected" and imported users. 

I dont know how to block, cause if i create two policy like this

1 LAN TO WAN - SRC:ALL/ADMINISTRATORS-USER accept

2 LAN TO WAN- SRC:ALL DENY

they all go to DENY cause it's like when i'm logged via RDP it doesn't recognise the user i guess...