you do not have access to logon to this session

mmsoftware
I've set up a DC with GPOs that restrict some users on the network. I'm logged on to the DC as administrator. I want to RDP to all the workstations in the network. It all works fine when I RDP from the DC with a Domain Admin user. My problem is that when I try to RDP to a client using a Domain User login, it shows an error message: "you do not have access to logon to this session."
Please help.

You will need to set up a group policy that gives your user ID permission to log in via RDP to all of your workstations.

Author

Commented:
Can you please point out which specific setting I need to apply for this to work?
In Group Policy you'll need to apply this either at the root or the specific OU where your workstations are contained:

Computer Config>Windows Settings>Security Settings>Restricted Groups>(Enter your User ID)

Author

Commented:
I've done that. Still the same error. How would restricting a group help me to grant access for them to remote login?
To add a domain group to the Remote Desktop Users group via Group Policy:

1. To open Group Policy Management Console, click Start, click Run, and then type GPMC.msc.
2. Create and link a GPO named Restricted Groups to the terminal server OU.
3. Right-click the Restricted Groups GPO linked to the terminal server OU, and then click Edit.
4. You can configure the Restricted Groups setting in the following location in Group Policy Object Editor:
   Computer Configuration\Windows Settings\Security Settings\Restricted Groups\
5. Right-click Restricted Groups and then click Add Group.
6. Click Browse, click Locations, select the locations you want to browse, and then click OK.
7. Type Remote Desktop Users in the Enter the object names to select text box and then click Check Names. Or, click Advanced, and then click Find Now to list all available groups.
8. Click the Remote Desktop Users group and then click OK.
9. Click OK in the Add Groups dialog box to close it. The Remote Desktop Users Properties dialog box is then displayed.
10. Click Add in the Members of this group section of the dialog box.
11. Click Browse.
12. Type the name of the domain group in the Select Users or Groups dialog box. Click Check Names, and then click OK to close this dialog box.
13. Click OK to close this dialog box to finish adding the domain group to the Remote Desktop Users group.

Author

Commented:
OK. I've done that. Now when I try to RDP to the client - error: The policy of this system does not permit you to login interactively.
You'll need to allow some time for the computer accounts to take in the new group policy settings.  Do you have more than one DC in your AD environment?  If so, please wait ~20 minutes, then go to a workstation, open a command prompt and type:  gpupdate /force  Type yes to restart the computer, then test and see if it's working.

Commented:
Make sure that the Remote Desktop Users group has sufficient permissions to log on through Terminal Services. To do this, follow these steps:

- Click Start, click Run, type secpol.msc, and then click OK.
- Expand Local Policies, and then click User Rights Assignment.
- In the right pane, double-click Allow logon through Terminal Services. Make sure that the Remote Desktop Users group is listed.
- Click OK.
- In the right pane, double-click Deny logon through Terminal Services. Make sure that the Remote Desktop Users group is not listed, and then click OK.
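
The two user-rights checks from the last reply can also be scripted. The PowerShell below is an added example, not part of the original thread; it assumes the INF format written by `secedit /export` and the well-known SID S-1-5-32-555 for the built-in Remote Desktop Users group, and the function name `Test-RdpLogonRights` and the sample lines are made up for illustration.

```powershell
# Added example (not from the thread): audit "Allow/Deny logon through Terminal
# Services" for the Remote Desktop Users group from a secedit export.
$RduSid = 'S-1-5-32-555'   # well-known SID of BUILTIN\Remote Desktop Users

function Test-RdpLogonRights {
    param([string[]]$InfLines)   # lines of the INF file written by secedit /export

    $rights = @{}
    foreach ($line in $InfLines) {
        # Entries look like: SeRemoteInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-555
        if ($line -match '^\s*(Se\w+)\s*=\s*(.*)$') {
            $name    = $Matches[1]
            $members = $Matches[2].Split(',') | ForEach-Object { $_.Trim().TrimStart('*') }
            $rights[$name] = @($members)
        }
    }

    # Allow right = SeRemoteInteractiveLogonRight, deny right = SeDenyRemoteInteractiveLogonRight
    $allow = @($rights['SeRemoteInteractiveLogonRight'])
    $deny  = @($rights['SeDenyRemoteInteractiveLogonRight'])

    # secedit normally writes SIDs, but may write a plain name; accept both forms.
    [pscustomobject]@{
        RduInAllowList = ($allow -contains $RduSid) -or ($allow -contains 'Remote Desktop Users')
        RduInDenyList  = ($deny  -contains $RduSid) -or ($deny  -contains 'Remote Desktop Users')
        AllowList      = $allow -join ', '
        DenyList       = $deny  -join ', '   # review for other groups the user belongs to
    }
}

# Constructed sample of a [Privilege Rights] section (not taken from a real host):
# the allow right lists only Administrators, the deny right lists only Guests.
$sample = @(
    '[Privilege Rights]'
    'SeRemoteInteractiveLogonRight = *S-1-5-32-544'
    'SeDenyRemoteInteractiveLogonRight = *S-1-5-32-546'
)
Test-RdpLogonRights -InfLines $sample

# Against a live workstation, from an elevated prompt:
#   secedit /export /cfg "$env:TEMP\rights.inf" /areas USER_RIGHTS | Out-Null
#   Test-RdpLogonRights -InfLines (Get-Content "$env:TEMP\rights.inf")
#   Get-LocalGroupMember -SID $RduSid    # shows whether the domain group was added
```

User rights set by a domain GPO take precedence over the local values shown in secpol.msc, so run the check on the workstation after `gpupdate /force` has applied the policy.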
