AD: Unable to perform remote desktop logon
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ margin-bottom:0;
}
For my users in Active Directory, I did setup a GPO in order to allow the remote desktop connections.
For a specific user in particular, I did also manually setup the group membership for Remote Desktop Users:
However, I still get an error while performing a remote logon, saying that the user is not allowed to login in remotely.
Do you have any clue about it?
Please just consider that Admins can correctly perform this operation, and the target machine is a generic windows server machine (no specific role yet installed, just joined to the domain).
active-directory group-policy windows-server-2016
add a comment |
For my users in Active Directory, I did setup a GPO in order to allow the remote desktop connections.
For a specific user in particular, I did also manually setup the group membership for Remote Desktop Users:
However, I still get an error while performing a remote logon, saying that the user is not allowed to login in remotely.
Do you have any clue about it?
Please just consider that Admins can correctly perform this operation, and the target machine is a generic windows server machine (no specific role yet installed, just joined to the domain).
active-directory group-policy windows-server-2016
add a comment |
For my users in Active Directory, I did setup a GPO in order to allow the remote desktop connections.
For a specific user in particular, I did also manually setup the group membership for Remote Desktop Users:
However, I still get an error while performing a remote logon, saying that the user is not allowed to login in remotely.
Do you have any clue about it?
Please just consider that Admins can correctly perform this operation, and the target machine is a generic windows server machine (no specific role yet installed, just joined to the domain).
active-directory group-policy windows-server-2016
For my users in Active Directory, I did setup a GPO in order to allow the remote desktop connections.
For a specific user in particular, I did also manually setup the group membership for Remote Desktop Users:
However, I still get an error while performing a remote logon, saying that the user is not allowed to login in remotely.
Do you have any clue about it?
Please just consider that Admins can correctly perform this operation, and the target machine is a generic windows server machine (no specific role yet installed, just joined to the domain).
active-directory group-policy windows-server-2016
active-directory group-policy windows-server-2016
asked May 19 at 13:45
SubZenoSubZeno
263 bronze badges
263 bronze badges
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
For my users in Active Directory, I did setup a GPO in order to allow
the remote desktop connections.
What specifically did you configure in the GPO?
For a specific user in particular, I did also manually setup the group
membership for Remote Desktop Users.
Did you add this user to the domain Remote Desktop Users group in Active Directory Users and Computers or did you add them to the local Remote Desktop Users on the server itself? You need to add them to the local Remote Desktop Users group on the server itself.
I added the user to the Remote Desktop User group directly in Active Directory Users and Computers. About the GPO, I did follow this guide: thesysadminchannel.com/…
– SubZeno
May 19 at 14:19
1
The GPO setting is correct but the user must also be a member of the local Remote Desktop Users group on the server itself. Add the user to the local Remote Desktop Users group.
– joeqwerty
May 19 at 14:23
Is there no programmatic way to do it? I am looking for is a mean to automatically grant this privilege to all users in a given OU for all computers belonging to a particular group.
– SubZeno
May 19 at 14:35
1
Sure. You could use Group Policy Preferences to populate the local Remote Desktop Users group on the servers.
– joeqwerty
May 19 at 14:37
1
Yes, he could add the domain group to the local group. The point is that the user needs to be a member of the local group, either directly or as a member of another group which is a member of the local group. RDP access requires two things: User Rights and Permissions. User rights can be granted locally or via domain based GPO. Permissions can only be granted locally by making the user a member of the local group.
– joeqwerty
May 20 at 3:42
|
show 1 more comment
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "2"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f967969%2fad-unable-to-perform-remote-desktop-logon%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
For my users in Active Directory, I did setup a GPO in order to allow
the remote desktop connections.
What specifically did you configure in the GPO?
For a specific user in particular, I did also manually setup the group
membership for Remote Desktop Users.
Did you add this user to the domain Remote Desktop Users group in Active Directory Users and Computers or did you add them to the local Remote Desktop Users on the server itself? You need to add them to the local Remote Desktop Users group on the server itself.
I added the user to the Remote Desktop User group directly in Active Directory Users and Computers. About the GPO, I did follow this guide: thesysadminchannel.com/…
– SubZeno
May 19 at 14:19
1
The GPO setting is correct but the user must also be a member of the local Remote Desktop Users group on the server itself. Add the user to the local Remote Desktop Users group.
– joeqwerty
May 19 at 14:23
Is there no programmatic way to do it? I am looking for is a mean to automatically grant this privilege to all users in a given OU for all computers belonging to a particular group.
– SubZeno
May 19 at 14:35
1
Sure. You could use Group Policy Preferences to populate the local Remote Desktop Users group on the servers.
– joeqwerty
May 19 at 14:37
1
Yes, he could add the domain group to the local group. The point is that the user needs to be a member of the local group, either directly or as a member of another group which is a member of the local group. RDP access requires two things: User Rights and Permissions. User rights can be granted locally or via domain based GPO. Permissions can only be granted locally by making the user a member of the local group.
– joeqwerty
May 20 at 3:42
|
show 1 more comment
For my users in Active Directory, I did setup a GPO in order to allow
the remote desktop connections.
What specifically did you configure in the GPO?
For a specific user in particular, I did also manually setup the group
membership for Remote Desktop Users.
Did you add this user to the domain Remote Desktop Users group in Active Directory Users and Computers or did you add them to the local Remote Desktop Users on the server itself? You need to add them to the local Remote Desktop Users group on the server itself.
I added the user to the Remote Desktop User group directly in Active Directory Users and Computers. About the GPO, I did follow this guide: thesysadminchannel.com/…
– SubZeno
May 19 at 14:19
1
The GPO setting is correct but the user must also be a member of the local Remote Desktop Users group on the server itself. Add the user to the local Remote Desktop Users group.
– joeqwerty
May 19 at 14:23
Is there no programmatic way to do it? I am looking for is a mean to automatically grant this privilege to all users in a given OU for all computers belonging to a particular group.
– SubZeno
May 19 at 14:35
1
Sure. You could use Group Policy Preferences to populate the local Remote Desktop Users group on the servers.
– joeqwerty
May 19 at 14:37
1
Yes, he could add the domain group to the local group. The point is that the user needs to be a member of the local group, either directly or as a member of another group which is a member of the local group. RDP access requires two things: User Rights and Permissions. User rights can be granted locally or via domain based GPO. Permissions can only be granted locally by making the user a member of the local group.
– joeqwerty
May 20 at 3:42
|
show 1 more comment
For my users in Active Directory, I did setup a GPO in order to allow
the remote desktop connections.
What specifically did you configure in the GPO?
For a specific user in particular, I did also manually setup the group
membership for Remote Desktop Users.
Did you add this user to the domain Remote Desktop Users group in Active Directory Users and Computers or did you add them to the local Remote Desktop Users on the server itself? You need to add them to the local Remote Desktop Users group on the server itself.
For my users in Active Directory, I did setup a GPO in order to allow
the remote desktop connections.
What specifically did you configure in the GPO?
For a specific user in particular, I did also manually setup the group
membership for Remote Desktop Users.
Did you add this user to the domain Remote Desktop Users group in Active Directory Users and Computers or did you add them to the local Remote Desktop Users on the server itself? You need to add them to the local Remote Desktop Users group on the server itself.
answered May 19 at 14:03
joeqwertyjoeqwerty
98k4 gold badges68 silver badges150 bronze badges
98k4 gold badges68 silver badges150 bronze badges
I added the user to the Remote Desktop User group directly in Active Directory Users and Computers. About the GPO, I did follow this guide: thesysadminchannel.com/…
– SubZeno
May 19 at 14:19
1
The GPO setting is correct but the user must also be a member of the local Remote Desktop Users group on the server itself. Add the user to the local Remote Desktop Users group.
– joeqwerty
May 19 at 14:23
Is there no programmatic way to do it? I am looking for is a mean to automatically grant this privilege to all users in a given OU for all computers belonging to a particular group.
– SubZeno
May 19 at 14:35
1
Sure. You could use Group Policy Preferences to populate the local Remote Desktop Users group on the servers.
– joeqwerty
May 19 at 14:37
1
Yes, he could add the domain group to the local group. The point is that the user needs to be a member of the local group, either directly or as a member of another group which is a member of the local group. RDP access requires two things: User Rights and Permissions. User rights can be granted locally or via domain based GPO. Permissions can only be granted locally by making the user a member of the local group.
– joeqwerty
May 20 at 3:42
|
show 1 more comment
I added the user to the Remote Desktop User group directly in Active Directory Users and Computers. About the GPO, I did follow this guide: thesysadminchannel.com/…
– SubZeno
May 19 at 14:19
1
The GPO setting is correct but the user must also be a member of the local Remote Desktop Users group on the server itself. Add the user to the local Remote Desktop Users group.
– joeqwerty
May 19 at 14:23
Is there no programmatic way to do it? I am looking for is a mean to automatically grant this privilege to all users in a given OU for all computers belonging to a particular group.
– SubZeno
May 19 at 14:35
1
Sure. You could use Group Policy Preferences to populate the local Remote Desktop Users group on the servers.
– joeqwerty
May 19 at 14:37
1
Yes, he could add the domain group to the local group. The point is that the user needs to be a member of the local group, either directly or as a member of another group which is a member of the local group. RDP access requires two things: User Rights and Permissions. User rights can be granted locally or via domain based GPO. Permissions can only be granted locally by making the user a member of the local group.
– joeqwerty
May 20 at 3:42
I added the user to the Remote Desktop User group directly in Active Directory Users and Computers. About the GPO, I did follow this guide: thesysadminchannel.com/…
– SubZeno
May 19 at 14:19
I added the user to the Remote Desktop User group directly in Active Directory Users and Computers. About the GPO, I did follow this guide: thesysadminchannel.com/…
– SubZeno
May 19 at 14:19
1
1
The GPO setting is correct but the user must also be a member of the local Remote Desktop Users group on the server itself. Add the user to the local Remote Desktop Users group.
– joeqwerty
May 19 at 14:23
The GPO setting is correct but the user must also be a member of the local Remote Desktop Users group on the server itself. Add the user to the local Remote Desktop Users group.
– joeqwerty
May 19 at 14:23
Is there no programmatic way to do it? I am looking for is a mean to automatically grant this privilege to all users in a given OU for all computers belonging to a particular group.
– SubZeno
May 19 at 14:35
Is there no programmatic way to do it? I am looking for is a mean to automatically grant this privilege to all users in a given OU for all computers belonging to a particular group.
– SubZeno
May 19 at 14:35
1
1
Sure. You could use Group Policy Preferences to populate the local Remote Desktop Users group on the servers.
– joeqwerty
May 19 at 14:37
Sure. You could use Group Policy Preferences to populate the local Remote Desktop Users group on the servers.
– joeqwerty
May 19 at 14:37
1
1
Yes, he could add the domain group to the local group. The point is that the user needs to be a member of the local group, either directly or as a member of another group which is a member of the local group. RDP access requires two things: User Rights and Permissions. User rights can be granted locally or via domain based GPO. Permissions can only be granted locally by making the user a member of the local group.
– joeqwerty
May 20 at 3:42
Yes, he could add the domain group to the local group. The point is that the user needs to be a member of the local group, either directly or as a member of another group which is a member of the local group. RDP access requires two things: User Rights and Permissions. User rights can be granted locally or via domain based GPO. Permissions can only be granted locally by making the user a member of the local group.
– joeqwerty
May 20 at 3:42
|
show 1 more comment
Thanks for contributing an answer to Server Fault!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f967969%2fad-unable-to-perform-remote-desktop-logon%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown