Solved

can't RDP into server 2012 server in a workgroup (not on domain)

Posted on 2014-11-26
7
462 Views
1 Endorsement
Last Modified: 2015-01-18
I have a 2012 Server that is not on a domain, it is in a workgroup. I have a computer on the same LAN/SUBNET and I cannot log into it remotely. I get the following error:

To sign in remotely, you need the right to sign in through Remote Desktop Services. By default, members of the Remote Desktop Users group have this right. If the group you're in doesn't have this right, or if the right has been removed from the Remote Desktop Users group, you need to be granted this right manually.

Remote Services is enabled on this server.
1
Comment
Question by:Gelly77
7 Comments
 
LVL 88

Expert Comment

by:rindi
ID: 40466907
Have you added the user to the remote desktop user's group, as suggested in the message you got?
0
 
LVL 3

Assisted Solution

by:TropicalBound
TropicalBound earned 166 total points
ID: 40466912
To grant this access, open the Local Security Policy

Expand Local Policies and select User Rights Assignment.  Right click on the policy named “Allow log on through Remote Desktop Services” and select Properties.

Add the user(s) to the policy.

TB
0
 
LVL 95

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 334 total points
ID: 40466985
While TropicalBound's suggestion may work, the proper way to do this is as rindi said.

Open computer management from the administrative tools or run compmgmt.msc from an administrative command prompt and expand Local Users and Groups under System Tools.  Click on Groups and then in the middle pane with the list of groups, open Remote Desktop Users and add the account you want to log in with to that group.  It SHOULD allow you to connect without a log off / on or reboot.

See graphic below.RD Users in Computer Management
0
Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 

Author Comment

by:Gelly77
ID: 40470329
I have tested a few different solutions:
1. Added username to Remote Desktop Group - did not work
2. Added username to Allow log on through Remote Desktop Services in local security policy - did not work
3. Remove Everyone group from Deny log on through Remote Desktop Services in local security polity- worked but this cannot be used as it leaves RDP open to everyone.

Any Suggestions?
0
 
LVL 95

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 334 total points
ID: 40470738
The DEFAULT setting lists NO ONE / NO GROUP in Deny log on through Remote Desktop Services
Why did you change this?

Windows permissions are MOST RESTRICTIVE.  And they do NOT permit something if not EXPLICITLY granted.  It sounds like you broke this yourself when you (or someone) added the everyone group to the Deny log on through Remote Desktop Services.

Fix that.  Then grant only those you want to have access.  Post SCREEN SHOTS of errors before you make additional changes (once this has been done).
0
 

Accepted Solution

by:
Gelly77 earned 0 total points
ID: 40546492
I had to remove the everyone and the administrators group from the deny logon through remote desktop services. All is working now!!!!
0
 

Author Closing Comment

by:Gelly77
ID: 40556015
My solution resolved the issue. The comments from the other submitters assisted me in getting to the solution.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In my previous 24 VMware Articles (http://www.experts-exchange.com/ARTH_1864316.html?arthOrderBy=3&arthSort=1#arth), most featured Intermediate VMware Topics. My next series of articles concentrated on topics for the VMware Novice;   If you would…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through the process of configuring basic necessities in order to use the 2010 version of Data Protection Manager. These include storage, agents, and protection jobs. Launch Data Protection Manager from the deskt…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now