AD: Unable to perform remote desktop logon





.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ margin-bottom:0;
}







2















For my users in Active Directory, I did setup a GPO in order to allow the remote desktop connections.



For a specific user in particular, I did also manually setup the group membership for Remote Desktop Users:



enter image description here



However, I still get an error while performing a remote logon, saying that the user is not allowed to login in remotely.



Do you have any clue about it?
Please just consider that Admins can correctly perform this operation, and the target machine is a generic windows server machine (no specific role yet installed, just joined to the domain).






active-directory group-policy windows-server-2016







share|improve this question





























    2















    For my users in Active Directory, I did setup a GPO in order to allow the remote desktop connections.



    For a specific user in particular, I did also manually setup the group membership for Remote Desktop Users:



    enter image description here



    However, I still get an error while performing a remote logon, saying that the user is not allowed to login in remotely.



    Do you have any clue about it?
    Please just consider that Admins can correctly perform this operation, and the target machine is a generic windows server machine (no specific role yet installed, just joined to the domain).






    active-directory group-policy windows-server-2016







    share|improve this question

























      2












      2








      2








      For my users in Active Directory, I did setup a GPO in order to allow the remote desktop connections.



      For a specific user in particular, I did also manually setup the group membership for Remote Desktop Users:



      enter image description here



      However, I still get an error while performing a remote logon, saying that the user is not allowed to login in remotely.



      Do you have any clue about it?
      Please just consider that Admins can correctly perform this operation, and the target machine is a generic windows server machine (no specific role yet installed, just joined to the domain).






      active-directory group-policy windows-server-2016







      share|improve this question














      For my users in Active Directory, I did setup a GPO in order to allow the remote desktop connections.



      For a specific user in particular, I did also manually setup the group membership for Remote Desktop Users:



      enter image description here



      However, I still get an error while performing a remote logon, saying that the user is not allowed to login in remotely.



      Do you have any clue about it?
      Please just consider that Admins can correctly perform this operation, and the target machine is a generic windows server machine (no specific role yet installed, just joined to the domain).






      active-directory group-policy windows-server-2016




      active-directory group-policy windows-server-2016






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked May 19 at 13:45









      SubZenoSubZeno

      263 bronze badges




      263 bronze badges






















          1 Answer
          1






          active

          oldest

          votes


















          5















          For my users in Active Directory, I did setup a GPO in order to allow
          the remote desktop connections.




          What specifically did you configure in the GPO?




          For a specific user in particular, I did also manually setup the group
          membership for Remote Desktop Users.




          Did you add this user to the domain Remote Desktop Users group in Active Directory Users and Computers or did you add them to the local Remote Desktop Users on the server itself? You need to add them to the local Remote Desktop Users group on the server itself.






          share|improve this answer
























          • I added the user to the Remote Desktop User group directly in Active Directory Users and Computers. About the GPO, I did follow this guide: thesysadminchannel.com/…

            – SubZeno
            May 19 at 14:19






          • 1





            The GPO setting is correct but the user must also be a member of the local Remote Desktop Users group on the server itself. Add the user to the local Remote Desktop Users group.

            – joeqwerty
            May 19 at 14:23











          • Is there no programmatic way to do it? I am looking for is a mean to automatically grant this privilege to all users in a given OU for all computers belonging to a particular group.

            – SubZeno
            May 19 at 14:35






          • 1





            Sure. You could use Group Policy Preferences to populate the local Remote Desktop Users group on the servers.

            – joeqwerty
            May 19 at 14:37






          • 1





            Yes, he could add the domain group to the local group. The point is that the user needs to be a member of the local group, either directly or as a member of another group which is a member of the local group. RDP access requires two things: User Rights and Permissions. User rights can be granted locally or via domain based GPO. Permissions can only be granted locally by making the user a member of the local group.

            – joeqwerty
            May 20 at 3:42














          Your Answer








          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "2"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f967969%2fad-unable-to-perform-remote-desktop-logon%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes









          5















          For my users in Active Directory, I did setup a GPO in order to allow
          the remote desktop connections.




          What specifically did you configure in the GPO?




          For a specific user in particular, I did also manually setup the group
          membership for Remote Desktop Users.




          Did you add this user to the domain Remote Desktop Users group in Active Directory Users and Computers or did you add them to the local Remote Desktop Users on the server itself? You need to add them to the local Remote Desktop Users group on the server itself.






          share|improve this answer
























          • I added the user to the Remote Desktop User group directly in Active Directory Users and Computers. About the GPO, I did follow this guide: thesysadminchannel.com/…

            – SubZeno
            May 19 at 14:19






          • 1





            The GPO setting is correct but the user must also be a member of the local Remote Desktop Users group on the server itself. Add the user to the local Remote Desktop Users group.

            – joeqwerty
            May 19 at 14:23











          • Is there no programmatic way to do it? I am looking for is a mean to automatically grant this privilege to all users in a given OU for all computers belonging to a particular group.

            – SubZeno
            May 19 at 14:35






          • 1





            Sure. You could use Group Policy Preferences to populate the local Remote Desktop Users group on the servers.

            – joeqwerty
            May 19 at 14:37






          • 1





            Yes, he could add the domain group to the local group. The point is that the user needs to be a member of the local group, either directly or as a member of another group which is a member of the local group. RDP access requires two things: User Rights and Permissions. User rights can be granted locally or via domain based GPO. Permissions can only be granted locally by making the user a member of the local group.

            – joeqwerty
            May 20 at 3:42
















          5















          For my users in Active Directory, I did setup a GPO in order to allow
          the remote desktop connections.




          What specifically did you configure in the GPO?




          For a specific user in particular, I did also manually setup the group
          membership for Remote Desktop Users.




          Did you add this user to the domain Remote Desktop Users group in Active Directory Users and Computers or did you add them to the local Remote Desktop Users on the server itself? You need to add them to the local Remote Desktop Users group on the server itself.






          share|improve this answer
























          • I added the user to the Remote Desktop User group directly in Active Directory Users and Computers. About the GPO, I did follow this guide: thesysadminchannel.com/…

            – SubZeno
            May 19 at 14:19






          • 1





            The GPO setting is correct but the user must also be a member of the local Remote Desktop Users group on the server itself. Add the user to the local Remote Desktop Users group.

            – joeqwerty
            May 19 at 14:23











          • Is there no programmatic way to do it? I am looking for is a mean to automatically grant this privilege to all users in a given OU for all computers belonging to a particular group.

            – SubZeno
            May 19 at 14:35






          • 1





            Sure. You could use Group Policy Preferences to populate the local Remote Desktop Users group on the servers.

            – joeqwerty
            May 19 at 14:37






          • 1





            Yes, he could add the domain group to the local group. The point is that the user needs to be a member of the local group, either directly or as a member of another group which is a member of the local group. RDP access requires two things: User Rights and Permissions. User rights can be granted locally or via domain based GPO. Permissions can only be granted locally by making the user a member of the local group.

            – joeqwerty
            May 20 at 3:42














          5












          5








          5








          For my users in Active Directory, I did setup a GPO in order to allow
          the remote desktop connections.




          What specifically did you configure in the GPO?




          For a specific user in particular, I did also manually setup the group
          membership for Remote Desktop Users.




          Did you add this user to the domain Remote Desktop Users group in Active Directory Users and Computers or did you add them to the local Remote Desktop Users on the server itself? You need to add them to the local Remote Desktop Users group on the server itself.






          share|improve this answer














          For my users in Active Directory, I did setup a GPO in order to allow
          the remote desktop connections.




          What specifically did you configure in the GPO?




          For a specific user in particular, I did also manually setup the group
          membership for Remote Desktop Users.




          Did you add this user to the domain Remote Desktop Users group in Active Directory Users and Computers or did you add them to the local Remote Desktop Users on the server itself? You need to add them to the local Remote Desktop Users group on the server itself.







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered May 19 at 14:03









          joeqwertyjoeqwerty

          98k4 gold badges68 silver badges150 bronze badges




          98k4 gold badges68 silver badges150 bronze badges













          • I added the user to the Remote Desktop User group directly in Active Directory Users and Computers. About the GPO, I did follow this guide: thesysadminchannel.com/…

            – SubZeno
            May 19 at 14:19






          • 1





            The GPO setting is correct but the user must also be a member of the local Remote Desktop Users group on the server itself. Add the user to the local Remote Desktop Users group.

            – joeqwerty
            May 19 at 14:23











          • Is there no programmatic way to do it? I am looking for is a mean to automatically grant this privilege to all users in a given OU for all computers belonging to a particular group.

            – SubZeno
            May 19 at 14:35






          • 1





            Sure. You could use Group Policy Preferences to populate the local Remote Desktop Users group on the servers.

            – joeqwerty
            May 19 at 14:37






          • 1





            Yes, he could add the domain group to the local group. The point is that the user needs to be a member of the local group, either directly or as a member of another group which is a member of the local group. RDP access requires two things: User Rights and Permissions. User rights can be granted locally or via domain based GPO. Permissions can only be granted locally by making the user a member of the local group.

            – joeqwerty
            May 20 at 3:42



















          • I added the user to the Remote Desktop User group directly in Active Directory Users and Computers. About the GPO, I did follow this guide: thesysadminchannel.com/…

            – SubZeno
            May 19 at 14:19






          • 1





            The GPO setting is correct but the user must also be a member of the local Remote Desktop Users group on the server itself. Add the user to the local Remote Desktop Users group.

            – joeqwerty
            May 19 at 14:23











          • Is there no programmatic way to do it? I am looking for is a mean to automatically grant this privilege to all users in a given OU for all computers belonging to a particular group.

            – SubZeno
            May 19 at 14:35






          • 1





            Sure. You could use Group Policy Preferences to populate the local Remote Desktop Users group on the servers.

            – joeqwerty
            May 19 at 14:37






          • 1





            Yes, he could add the domain group to the local group. The point is that the user needs to be a member of the local group, either directly or as a member of another group which is a member of the local group. RDP access requires two things: User Rights and Permissions. User rights can be granted locally or via domain based GPO. Permissions can only be granted locally by making the user a member of the local group.

            – joeqwerty
            May 20 at 3:42

















          I added the user to the Remote Desktop User group directly in Active Directory Users and Computers. About the GPO, I did follow this guide: thesysadminchannel.com/…

          – SubZeno
          May 19 at 14:19





          I added the user to the Remote Desktop User group directly in Active Directory Users and Computers. About the GPO, I did follow this guide: thesysadminchannel.com/…

          – SubZeno
          May 19 at 14:19




          1




          1





          The GPO setting is correct but the user must also be a member of the local Remote Desktop Users group on the server itself. Add the user to the local Remote Desktop Users group.

          – joeqwerty
          May 19 at 14:23





          The GPO setting is correct but the user must also be a member of the local Remote Desktop Users group on the server itself. Add the user to the local Remote Desktop Users group.

          – joeqwerty
          May 19 at 14:23













          Is there no programmatic way to do it? I am looking for is a mean to automatically grant this privilege to all users in a given OU for all computers belonging to a particular group.

          – SubZeno
          May 19 at 14:35





          Is there no programmatic way to do it? I am looking for is a mean to automatically grant this privilege to all users in a given OU for all computers belonging to a particular group.

          – SubZeno
          May 19 at 14:35




          1




          1





          Sure. You could use Group Policy Preferences to populate the local Remote Desktop Users group on the servers.

          – joeqwerty
          May 19 at 14:37





          Sure. You could use Group Policy Preferences to populate the local Remote Desktop Users group on the servers.

          – joeqwerty
          May 19 at 14:37




          1




          1





          Yes, he could add the domain group to the local group. The point is that the user needs to be a member of the local group, either directly or as a member of another group which is a member of the local group. RDP access requires two things: User Rights and Permissions. User rights can be granted locally or via domain based GPO. Permissions can only be granted locally by making the user a member of the local group.

          – joeqwerty
          May 20 at 3:42





          Yes, he could add the domain group to the local group. The point is that the user needs to be a member of the local group, either directly or as a member of another group which is a member of the local group. RDP access requires two things: User Rights and Permissions. User rights can be granted locally or via domain based GPO. Permissions can only be granted locally by making the user a member of the local group.

          – joeqwerty
          May 20 at 3:42


















          draft saved

          draft discarded




















































          Thanks for contributing an answer to Server Fault!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f967969%2fad-unable-to-perform-remote-desktop-logon%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          -

          Popular posts from this blog

          He _____ here since 1970 . Answer needed [closed]What does “since he was so high” mean?Meaning of “catch birds for”?How do I ensure “since” takes the meaning I want?“Who cares here” meaningWhat does “right round toward” mean?the time tense (had now been detected)What does the phrase “ring around the roses” mean here?Correct usage of “visited upon”Meaning of “foiled rail sabotage bid”It was the third time I had gone to Rome or It is the third time I had been to Rome

          Image
          Engineer refusing to file/disclose patents Extending the spectral theorem for bounded self adjoint operators to bounded normal operators Do varchar(max), nvarchar(max) and varbinary(max) columns affect select queries? Why is it that I can sometimes guess the next note? What linear sensor for a keyboard? Why don’t women say שלא עשני גויה and שפחה, according to Ashkenazim? Did arcade monitors have same pixel aspect ratio as TV sets? anything or something to eat Query about absorption line spectra Can I use my Chinese passport to enter China after I acquired another citizenship? Fuse symbol on toroidal transformer Create all possible words using a set or letters Does the Mind Blank spell prevent the target from being frightened? Can I sign legal documents with a smiley face? When quoting, must I also copy hyphens used to divide words that continue on the next line? Hot bath for aluminium engine block and heads Journal losing indexing services Is it possib
          Read more

          Bunad

          Image
          Tradisjonelle folkedrakter frå Aust-Telemark, truleg frå 1880-åra. Drakter som dette er grunnlaget for moderne bunadar. Foto: Axel Lindahl Bunad frå Eggedal i Buskerud fotografert i 1906. Bunad (frå kledebunad , der norrønt «búnaðr» har same rot som (føre)bu) er ei samnemning brukt om klesdrakter i tradisjonell nordisk stil — ofte utvikla frå folkedrakter, men likevel i ein eigen tradisjon. Ein bunad er typisk ei forseggjort og kostbar drakt, med mykje broderi, og med handsmidde smykke i gull eller sølv, særleg dei særeigne søljene, som obligatorisk prynad i tillegg. Bunad og bunadbruk er eit debattemne med mange ulike oppfatningar, til dømes om kva som er ein bunad, og om ein kan endra på utforminga av draktene eller ikkje. Den norske bunadrørsla går tilbake til folkedansrørsla og føregangsfolk som Hulda Garborg og Klara Semb. I dag blir bunad brukt som nasjonaldrakt. Festbunad er likestilt med galla-antrekk, og ofte nytta ved særskilde høve, som konfirmasjonar eller d
          Read more

          Færeyskur hestur Heimild | Tengill | Tilvísanir | LeiðsagnarvalRossið - síða um færeyska hrossið á færeyskuGott ár hjá færeyska hestinum

          Image
          FæreyjarHestar færeyskahjaltlandshestinumíslenski hesturinnBretlandskolanámumenskuWikipediafæreyskuWikipediaRossið - síða um færeyska hrossið á færeysku Færeyskur hestur Úr Wikipediu, frjálsa alfræðiritinu Jump to navigation Jump to search Rani og Grani. Grani í vetrarfeldi. Færeyski hesturinn (færeyska: Føroyska rossið ) er hestur sem hefur lifað í Færeyjum í hundruði ára. Hann er smágerður, 120-132 cm á hæð, og helst skyldur hjaltlandshestinum. Hlutverk hans var að draga vagna og plóg og bera klyfjar. Hann hefur fjórar gangtegundir eins og íslenski hesturinn (þar með talið tölt) og er með fjölda litaafbrigði. Nú til dags er hann notaður til frístunda. Í lok 19. aldar voru til um 800 hross. Mörg þeirra voru seld til Bretlands til að vinna í kolanámum og um 1960 voru aðeins nokkrir hestar eftir. Átak var gert í að varðveita hestinn og eru nú til 70-80 hross í Færeyjum. [1] Heimild |   Wikimedia Commons er með margmiðlunarefni sem te
          Read more