Wednesday, 19 June 2013

Remote Desktop Users cannot Connect to Machines even though they are in the Remote Desktop Users Group

If you've added a user/group into the remote desktop user group on a particular machine you may find that the user/group is still unable to log into it through RDP - they'll get an error message along the lines of "Access Denied. To log on to this remote computer, you must be granted the Allow log on through Terminal Services Right....". The fix for this can be applied in two ways:

On a specific machine/server
 
Log on to the machine/server using an account which has admin right
¬ Start , Run , type secpol.msc
¬ In the left side pane of the mmc, navigate to Security Settings>Local Policies>User Rights Assignment
¬ In the right side pane double-click on Allow log on through Remote Desktop Services
¬ Click on add users or groups
¬ Enter Remote Desktop Users
¬ Finally, click OK to save

Now any user who is a member of the Remote Desktop Users group will be able to successfully remote into the server/machine
 
 
On a number of machines via Group Policy
 
 
The above mentioned setting is one which can also be applied through Group Policy if there are multiple machines/servers you wish to allow certain users/security groups to RDP into. The setting which needs to be changed in the group policy is found here:
 
Computer Configuration>Policies>Windows Settings>Local Policies>User Rights Assignment>Allow Log on through Terminal Services
 
Double click on the Allow Log on through Terminal Services policy and then user the "Add User or Group..." button to add the Remote Desktop User group into the policy. Click Apply and then OK to save your settings.
 
Now any user/security group that is a member of the Remote Desktop Users group will be able to successfully remote into any of the servers/machines the group policy applies to

No comments:

Post a Comment