Remote desktop doesn't work for non-admin user

Folks,

I have created a user in Windows 2008 server and made the user a member of the Remote Desktop Users group.  I've checked the RDP-Tcp Properties (security tab) and I see Remote Desktop Users has "user access" and "guest access" allowed, but not "full control".    Under "system properties"/Remote tab, I have selected "Allow connection only from computers running Remote Desktop with NLA".  Under "Select users..." I've added this new account I created.

When I login via remote desktop connection, I see the login screen, but it has the message "To log on to this remote computer, you must be granted the Allow log on through Terminal Services right.  By Default, members of the Remote Desktop Users group..."

please help!  what am I doing wrong?

note that i prematurely accepted this answer.  this isn't an NLA issue:
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/Q_24503417.html#discussion
LVL 1
sfun28Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

nasserdCommented:
The error message you describe refers to Local User and Groups account.  Every individual user may not have "Allow log on through Terminal Services" selected (it's a checkbox)... so group membership and access rights are, in fact, separate security concerns.
0
AngelGabrielCommented:
check the individual user accounts, to make sure they can log on by terminal server - admins get around this by being in the administrator group.
0
sfun28Author Commented:
Where specifically should I go to enable Terminal Services for my user?

Under properies of "My Computer"/ Remote Settings  I there's a "Select Users..." button.  My user (not group) is in that list already.

In the User's properties under Computer Manager I don't see an option.  The "Terminal Services Profile" tab has a checkbox to "deny this user permission to lo on to terminal server" but that check box is unchecked currently.

How do I give this specific user access to login to via RDC?
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Henrik JohanssonSystems engineerCommented:
Run RSOP.msc (Resultant Set Of Policies) and expand the following policy tree
Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment

Check the settings
* Allow log on through Terminal Services
* Deny log on through Terminal Services

If user is member of any group that has been granted access and at the same time is a member of a group that has been denied access, the deny setting will override.
0
sfun28Author Commented:
hi jenjoh09,

I followed the policy tree, both settings say "Not defined".  When I click into them, the "Template security policy setting"  tag has options that are disabled, with a note that says "This setting is not compatible with computers running Windows 2000 Service Pack 1 or earlier.  Apply group policy objects containing this setting only to computers running a later version of the operating system"

To be honest I have no clue what this means.  I'm running Windows 2008 Server.

thoughts?
0
sfun28Author Commented:
henjoh09?
0
sfun28Author Commented:
figured it out.  gpedit.msc, add Remote Desktop Users group to the Allow... setting.
why this isn't there by default is beyond me.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Server OS

From novice to tech pro — start learning today.