can't RDP into server 2012 server in a workgroup (not on domain)

I have a 2012 Server that is not on a domain, it is in a workgroup. I have a computer on the same LAN/SUBNET and I cannot log into it remotely. I get the following error:

To sign in remotely, you need the right to sign in through Remote Desktop Services. By default, members of the Remote Desktop Users group have this right. If the group you're in doesn't have this right, or if the right has been removed from the Remote Desktop Users group, you need to be granted this right manually.

Remote Services is enabled on this server.
Gelly77Asked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
Gelly77Connect With a Mentor Author Commented:
I had to remove the everyone and the administrators group from the deny logon through remote desktop services. All is working now!!!!
0
 
rindiCommented:
Have you added the user to the remote desktop user's group, as suggested in the message you got?
0
 
TropicalBoundConnect With a Mentor Commented:
To grant this access, open the Local Security Policy

Expand Local Policies and select User Rights Assignment.  Right click on the policy named “Allow log on through Remote Desktop Services” and select Properties.

Add the user(s) to the policy.

TB
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
Lee W, MVPConnect With a Mentor Technology and Business Process AdvisorCommented:
While TropicalBound's suggestion may work, the proper way to do this is as rindi said.

Open computer management from the administrative tools or run compmgmt.msc from an administrative command prompt and expand Local Users and Groups under System Tools.  Click on Groups and then in the middle pane with the list of groups, open Remote Desktop Users and add the account you want to log in with to that group.  It SHOULD allow you to connect without a log off / on or reboot.

See graphic below.RD Users in Computer Management
0
 
Gelly77Author Commented:
I have tested a few different solutions:
1. Added username to Remote Desktop Group - did not work
2. Added username to Allow log on through Remote Desktop Services in local security policy - did not work
3. Remove Everyone group from Deny log on through Remote Desktop Services in local security polity- worked but this cannot be used as it leaves RDP open to everyone.

Any Suggestions?
0
 
Lee W, MVPConnect With a Mentor Technology and Business Process AdvisorCommented:
The DEFAULT setting lists NO ONE / NO GROUP in Deny log on through Remote Desktop Services
Why did you change this?

Windows permissions are MOST RESTRICTIVE.  And they do NOT permit something if not EXPLICITLY granted.  It sounds like you broke this yourself when you (or someone) added the everyone group to the Deny log on through Remote Desktop Services.

Fix that.  Then grant only those you want to have access.  Post SCREEN SHOTS of errors before you make additional changes (once this has been done).
0
 
Gelly77Author Commented:
My solution resolved the issue. The comments from the other submitters assisted me in getting to the solution.
0
All Courses

From novice to tech pro — start learning today.