Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Clients unable to RDP into workstations

Posted on 2016-10-28
5
Medium Priority
?
50 Views
Last Modified: 2016-12-02
We are running a standard Windows 2008 Ad environment with Windows 7 workstations.  Many of our users Remote Desktop into their workstations.  We control RDP access via GPO settings and this has worked fine.  Specifically the GPO setting 'Allow logon through Terminal Services' is set for Builtin\Administrators and Builtin\Remote Desktop Users groups.

Recently, various users in our network have not been able to RDP into their workstations even though they are members of the Remote Desktop group and the GPO policy settings have been successfully applied.  This problem does NOT occur for domain admins.  The only work around that we have been able to find is if we also add NT Authority\Authenticated Users to the setting 'Access this computer from the network'.  Once we do that and in combination with the Remote Desktop Users group GPO, users are able to RDP into the machines without issue.

Unfortunately, 'Access this computer from the network' setting is a STIG violation if you include NT Authority\Authenticated Users and as I understand this should not have any bearing on RDP access anyway.  

Can someone tell me why changing these settings is effecting RDP access and what bearing 'Access this computer from the network' setting has.

Thanks
0
Comment
Question by:sagdoc
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
5 Comments
 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 41864544
Simply put, the "access this computer from the network" right is required to be able to access resources on the computer from the network.  I assume this would include being able to log on to a remote desktop session. The Users group normally has this right.  Is the Users group missing from the local security policy/access this computer from the network on the workstations?
0
 

Author Comment

by:sagdoc
ID: 41867282
The Users group is missing from local security policy/ access this computer from the network, but that is by design since it is also removed from the GPO.  Since they are members of the Remote Desktop group then that should be sufficient?
0
 
LVL 38

Accepted Solution

by:
Hypercat (Deb) earned 2000 total points
ID: 41867470
You can use the "Allow logon through Remote Desktop Services" right instead:

https://technet.microsoft.com/en-us/library/dn221985(v=ws.11).aspx

Enable this policy and add the Remote Desktop Users group to the list, and you should be OK.
0
 
LVL 59

Expert Comment

by:LeeTutor
ID: 41909925
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you try to extract and to view the contents of a Microsoft Update Standalone Package (MSU) for Windows Vista, you cannot extract the files from the MSU. Here we are going to explain how to extract those hotfix details without using any third pa…
On some Windows 7 (SP1) computers, Windows Update becomes super slow even the computer is reasonably fast.  There's one solution that seemed to have worked well for me (after trying a few other suggested solutions).
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
In this Micro Tutorial viewers will learn how to use Boot Corrector from Paragon Rescue Kit Free to identify and fix the boot problems of Windows 7/8/2012R2 etc. As an example is used Windows 2012R2 which lost its active partition flag (often happen…

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question