Solved

Remote desktop doesn't work for non-admin user

Posted on 2009-06-27
7
1,009 Views
Last Modified: 2013-11-21
Folks,

I have created a user in Windows 2008 server and made the user a member of the Remote Desktop Users group.  I've checked the RDP-Tcp Properties (security tab) and I see Remote Desktop Users has "user access" and "guest access" allowed, but not "full control".    Under "system properties"/Remote tab, I have selected "Allow connection only from computers running Remote Desktop with NLA".  Under "Select users..." I've added this new account I created.

When I login via remote desktop connection, I see the login screen, but it has the message "To log on to this remote computer, you must be granted the Allow log on through Terminal Services right.  By Default, members of the Remote Desktop Users group..."

please help!  what am I doing wrong?

note that i prematurely accepted this answer.  this isn't an NLA issue:
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/Q_24503417.html#discussion
0
Comment
Question by:sfun28
7 Comments
 
LVL 4

Expert Comment

by:nasserd
ID: 24728208
The error message you describe refers to Local User and Groups account.  Every individual user may not have "Allow log on through Terminal Services" selected (it's a checkbox)... so group membership and access rights are, in fact, separate security concerns.
0
 
LVL 5

Expert Comment

by:AngelGabriel
ID: 24728219
check the individual user accounts, to make sure they can log on by terminal server - admins get around this by being in the administrator group.
0
 
LVL 1

Author Comment

by:sfun28
ID: 24728583
Where specifically should I go to enable Terminal Services for my user?

Under properies of "My Computer"/ Remote Settings  I there's a "Select Users..." button.  My user (not group) is in that list already.

In the User's properties under Computer Manager I don't see an option.  The "Terminal Services Profile" tab has a checkbox to "deny this user permission to lo on to terminal server" but that check box is unchecked currently.

How do I give this specific user access to login to via RDC?
0
VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

 
LVL 31

Expert Comment

by:Henrik Johansson
ID: 24732177
Run RSOP.msc (Resultant Set Of Policies) and expand the following policy tree
Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment

Check the settings
* Allow log on through Terminal Services
* Deny log on through Terminal Services

If user is member of any group that has been granted access and at the same time is a member of a group that has been denied access, the deny setting will override.
0
 
LVL 1

Author Comment

by:sfun28
ID: 24733195
hi jenjoh09,

I followed the policy tree, both settings say "Not defined".  When I click into them, the "Template security policy setting"  tag has options that are disabled, with a note that says "This setting is not compatible with computers running Windows 2000 Service Pack 1 or earlier.  Apply group policy objects containing this setting only to computers running a later version of the operating system"

To be honest I have no clue what this means.  I'm running Windows 2008 Server.

thoughts?
0
 
LVL 1

Author Comment

by:sfun28
ID: 24741847
henjoh09?
0
 
LVL 1

Accepted Solution

by:
sfun28 earned 0 total points
ID: 24750945
figured it out.  gpedit.msc, add Remote Desktop Users group to the Allow... setting.
why this isn't there by default is beyond me.
0

Featured Post

Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you migrate a Terminal Server licenses server inside the 2008 server family, you can takte advantage of the build-in migration tool. If you like to migrate an older 2003 Server (and the installed client CALs) to a 2008 R2 server for example, you …
I was supporting a handful of Windows 2008 (non-R2) 2 node clusters with shared quorum disks. Some had SQL 2008 installed and some were just a vendor application that we supported. For the purposes of this article it doesn’t really matter which so w…
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question