We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you two Citrix podcasts. Learn about 2020 trends and get answers to your biggest Citrix questions!Listen Now


Having issues with allowing a normal user remote desktop connection to domain controller.

Medium Priority
Last Modified: 2013-11-21
When attempting to logon Terminal Services running on a DC, I receive this message: "To log on this remote computer, you must be granted the Allow log on through Terminal Services right.  By default, members of the Remote Desktop Users group have this right.  If you are not a member of the Remote Desktop Users group or another group that has this right, or if the Remote Desktop User Group does not have this right, you must be granted this right manually."

Now I have tried several solutions:

- Assigning the user to "The Allow log on through Terminal Services" right, using local policy(gpedit.msc).
- Assign permission to use TS Configuration. Go to that, select the properties of RDP-Tcp.
- The Allow logon to terminal server check box under user properties.
- Assign the user to Access this computer from network.
- Assign the user to Allow log on locally.

It seems none of this is allowing the user to log in I was hoping someone could help with this and help me get my head around it.
Watch Question

Pete LongTechnical Architect
Distinguished Expert 2019

Hello mattskiver,

Your  methodology is sound? however if this is a DC what has been set in the domain controller securty policy?




Domain Controllers security policies have not be touched, and most remain either 'not configured' or 'not defined' well their at default values.
Most user rights for DCs are setted using the Domain Controller GPO. I'd suggest to add your users to the Remote Desktop Users group (Domain Local since your server is a DC). Also, make sure that you installed the Terminal service in Application mode.

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts


Administrators can log in through terminal services, it is only the users who cannot connect, the users have been added to Remote Desktop Users Group and we still proceed to having the same problem. If possible could anyone post a template of their user permissions in group policies so I can compare what we have?

"Also, make sure that you installed the Terminal service in Application mode."


"Also, make sure that you installed the Terminal service in Application mode." We have installed this feature as adminsitrators can log in using RDC, user can not currently. It allows 2 users to RDC at any one time.


Thanks, the link helps but I am not sure about one thing I currently have active directory on a dc I am giving access to the user on the dc to connect through remote desktop, now the active directory is replicated onto a second server but it does not let me remote desktop in to it any ideas?


We are still stuck with this problem does anyone have any ideas?


It was ts having to be in terminal service mode
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.