Solved

Remote desktop users cannot login by RDP

Posted on 2012-08-12
24
Medium Priority
1,866 Views
Last Modified: 2012-08-26
I have made a user a member of the "Remote Desktop Users" group but the user cannot use RDP to log in to a server on the domain.

Any ideas to make this user be able to log in without making the user a member of the domain admins group?

RDP access is enabled on the server(s) in question to be logged into.
Remote desktop users group is in the GPO for - allow log on locally and allow log on through Remote desktop services.
0
Question by:jimmylew52
24 Comments
 
LVL 13

Expert Comment

by:Xaelian
ID: 38285440
What version of server OS do you have? 2008?

You can take a look at this website: http://www.techotopia.com/index.php/Configuring_Windows_Server_2008_Remote_Desktop_Administration

If you can't get it to work, what error does the user get?

Then I'll look for a solution when I'm back home.
0
 
LVL 24

Expert Comment

by:Nagendra Pratap Singh
ID: 38285472
Can admins log in to it?

It could be a firewall or other issue.
0
 
LVL 4

Expert Comment

by:jkockler
ID: 38285495
We need the error message please.
0
 
LVL 1

Author Comment

by:jimmylew52
ID: 38285766
Thank You for your response.

The domain is on a 2008 R2.

The servers are a mixture of 2008R2 and 2003R2.

Yes I can RDP to all of these servers using an administrator account or someone that is in the domain admins group.

Error Message:

To log on to this remote computer, you must have Terminal Server User Access Permissions on the computer. By Default, members of the Remote Desktop Users group have these permissions. If you are not a member of the Remote Desktop Users group or another group that has these permissions, or if the Remote Desktop Users group does not have these permissions, you must be granted these permissions manually.
0
 
LVL 13

Assisted Solution

by:Xaelian
Xaelian earned 648 total points
ID: 38285839
Have you taken a look at the website I provided? Everything is described there for win serv 2008 (also r2).
0
 
LVL 1

Author Comment

by:jimmylew52
ID: 38285842
I have reviewed the site and I cannot find anything on it I have not already done or checked.
0
 
LVL 13

Assisted Solution

by:Xaelian
Xaelian earned 648 total points
ID: 38285923
Have you also checked this?

RDP setting
0
 
LVL 1

Author Comment

by:jimmylew52
ID: 38286004
Version 7.1 is being used but the selection "Run initial program specified by user profile and Remote Desktop Connection or client" is selected.
0
 
LVL 13

Assisted Solution

by:Xaelian
Xaelian earned 648 total points
ID: 38286031
You got Citrix installed or anything similar? Because in my experience that may cause some problems with RDP, but can be resolved.
0
 
LVL 1

Author Comment

by:jimmylew52
ID: 38286037
Nothing else in the way of remote connections is installed.

I created a new group and assigned it to the GPO, refreshed the policy on the connection server and it still fails. The new group, as well as the Remote Desktop group, is in the local GPO policy for "Allow log on locally" and "Allow log on through Terminal Services".
0
 
LVL 13

Expert Comment

by:Kini pradeep
ID: 38286602
Is this server a member server? There is a Remote Desktop Users group. Is this user added to the local group?
0
 
LVL 1

Author Comment

by:jimmylew52
ID: 38288227
Is this server a member server,    yes

there is a remote desktop users group.     yes

is this user added to the local group?        yes
0
 
LVL 4

Assisted Solution

by:jkockler
jkockler earned 852 total points
ID: 38297650
In your RD Session Host Configuration -- properties of the connection -- security tab -- what permissions does the remote desktop users group have?

Where are you linking this GPO exactly? You state the group is in the GPO, but is the GPO linked to an appropriate OU?
0
 
LVL 1

Author Comment

by:jimmylew52
ID: 38298207
Configured GPO is the default domain GPO.

Remote desktop users are power users. log on locally, log on through terminal services rights.
0
 
LVL 4

Assisted Solution

by:jkockler
jkockler earned 852 total points
ID: 38298230
Maybe try creating a separate GPO for these policies, and then link it to the OU this problem server is in.

Also have you tried the GPO resultant set policy wizard, to see what gets applied?
0
 
LVL 1

Author Comment

by:jimmylew52
ID: 38298321
Tried a separate GPO - no change

GPO resultant policy shows the policy is working.

The security group I created is in the local Power Users group and the Remote Desktop Users group. However, the users in the security group cannot RDP into the server and the security group is not in the users list in the remote access users list. If I go to the server and add the security group I created to the remote access users list on the local server they then get RDP access. This would be fine except I have many servers and cannot go to each one and add the security group in a timely fashion.
0
 
LVL 4

Assisted Solution

by:jkockler
jkockler earned 852 total points
ID: 38298434
Just curious, what if you add a user directly to the remote desktop users group. Does it work then without modifying the remote access user list?
0
 
LVL 1

Author Comment

by:jimmylew52
ID: 38311306
Adding the user directly to the local remote desktop users group does add them to the remote access user list and they are able to RDP in.
0
 
LVL 4

Assisted Solution

by:jkockler
jkockler earned 852 total points
ID: 38311599
Hmmm, but if you add your security group to the remote desktop group, but then only add the remote desktop users group to the remote users list, they do not get in?

That's either a bug, or somewhere this security group has a permissions conflict, that is taking precedence over the remote desktop users group being a member of the remote access users list.

Is the security group in a default container, or did you create a new container?
0
 
LVL 1

Author Comment

by:jimmylew52
ID: 38313801
Security group is in a default container. From what I can find on the internet, this is a bug.

I am trying some command line scripts to see if I can get around the problem.
0
 
LVL 4

Expert Comment

by:jkockler
ID: 38314701
Yeah sounds like a bug. Let me know how it turns out.
0
 
LVL 1

Accepted Solution

by:
jimmylew52 earned 0 total points
ID: 38316220
Created the security group "RemotePowerUsers" and put the users in that security group. The Group Policy and running the following from a command prompt on the DC for each server fixed the problem. A pain but it is working.

C:\pstools\psexec \\<server name> net localgroup "Remote Desktop Users" systrends\RemotePowerUsers /ADD

Thanks to everyone for trying to help.
0
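
The per-server step from the accepted solution, scripted as an added example (not part of the original post or written by its author): it adds the domain group to the local "Remote Desktop Users" group on each server only when it is not already a member, and reports the outcome per server. The `servers.txt` input file is a hypothetical name, and the account running the script is assumed to be a local administrator on every target; the WinNT ADSI provider is used so that it also works against the 2003 R2 servers mentioned in the thread.

```powershell
# Added example: idempotently add a domain group to the local
# "Remote Desktop Users" group on many servers and report the result.
# Assumption: servers.txt (one host name per line) is a hypothetical input file.
$Domain     = 'systrends'            # domain name as shown in the post
$GroupName  = 'RemotePowerUsers'     # security group created in the post
$LocalGroup = 'Remote Desktop Users'
$Servers    = Get-Content -Path '.\servers.txt' | Where-Object { $_.Trim() }

$results = foreach ($server in $Servers) {
    $server = $server.Trim()
    try {
        # Bind to the local group on the remote server via the WinNT provider
        $group = [ADSI]"WinNT://$server/$LocalGroup,group"

        # Read the current members as ADsPath strings (e.g. WinNT://SYSTRENDS/Name)
        $members = @($group.psbase.Invoke('Members')) | ForEach-Object {
            $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
        }

        if ($members -like "*/$Domain/$GroupName") {
            $status = 'AlreadyMember'    # nothing to change on this server
        } else {
            $group.psbase.Invoke('Add', "WinNT://$Domain/$GroupName,group")
            $status = 'Added'
        }
    } catch {
        # Unreachable host, access denied, unknown group, and so on
        $status = "Failed: $($_.Exception.Message)"
    }
    New-Object PSObject -Property @{ Server = $server; Status = $status }
}

# Keep this report as the record of which servers now grant RDP logon to the group
$results | Sort-Object Server | Format-Table Server, Status -AutoSize
```

Because the group is added only to "Remote Desktop Users" and not to Administrators, its members gain RDP logon without local admin rights; servers reported as `Failed` still need the manual step.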
 
LVL 4

Expert Comment

by:jkockler
ID: 38316965
Hey, nice! Good to know there is a fix.
0
 
LVL 1

Author Closing Comment

by:jimmylew52
ID: 38333799
Found the solution on the internet combining several sites.
0

Question has a verified solution.
