Clients unable to RDP into workstations
Posted on 2016-10-28
We are running a standard Windows 2008 AD environment with Windows 7 workstations. Many of our users Remote Desktop into their workstations. We control RDP access via GPO settings and this has worked fine. Specifically, the GPO setting 'Allow logon through Terminal Services' is set for Builtin\Administrators and Builtin\Remote Desktop Users groups.
Recently, various users in our network have not been able to RDP into their workstations even though they are members of the Remote Desktop group and the GPO policy settings have been successfully applied. This problem does NOT occur for domain admins. The only workaround that we have been able to find is if we also add NT Authority\Authenticated Users to the setting 'Access this computer from the network'. Once we do that, in combination with the Remote Desktop Users group GPO, users are able to RDP into the machines without issue.
Unfortunately, 'Access this computer from the network' setting is a STIG violation if you include NT Authority\Authenticated Users and as I understand this should not have any bearing on RDP access anyway.
Can someone tell me why changing these settings is affecting RDP access and what bearing the 'Access this computer from the network' setting has?
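
To see which principals hold each of the two user rights named in the post on an affected workstation, the effective assignments can be exported with `secedit` and compared. The following is an added example, not part of the original post; the export content is a constructed sample, and `Get-UserRight` and `Resolve-Name` are hypothetical helper names.

```powershell
# Constructed sample of the [Privilege Rights] section written by
#   secedit /export /cfg rights.inf /areas USER_RIGHTS
# On a real workstation use: $lines = Get-Content .\rights.inf
$lines = @'
[Privilege Rights]
SeNetworkLogonRight = *S-1-5-32-544
SeRemoteInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-555
'@ -split "`r?`n"

# Well-known SIDs for the principals named in the post.
$names = @{
    'S-1-5-32-544' = 'BUILTIN\Administrators'
    'S-1-5-32-555' = 'BUILTIN\Remote Desktop Users'
    'S-1-5-11'     = 'NT AUTHORITY\Authenticated Users'
}

# Return the SIDs (or account names) that hold one user right.
function Get-UserRight {
    param([string[]]$Lines, [string]$Right)
    foreach ($line in $Lines) {
        if ($line -match "^\s*$Right\s*=\s*(.*)$") {
            return $Matches[1] -split ',' |
                ForEach-Object { $_.Trim().TrimStart('*') } |
                Where-Object { $_ }
        }
    }
}

function Resolve-Name([string]$Id) {
    if ($names.ContainsKey($Id)) { $names[$Id] } else { $Id }
}

# SeNetworkLogonRight           = 'Access this computer from the network'
# SeRemoteInteractiveLogonRight = 'Allow logon through Terminal Services'
$network = @(Get-UserRight $lines 'SeNetworkLogonRight')
$rdp     = @(Get-UserRight $lines 'SeRemoteInteractiveLogonRight')

"Network logon right : " + (($network | ForEach-Object { Resolve-Name $_ }) -join ', ')
"RDP logon right     : " + (($rdp | ForEach-Object { Resolve-Name $_ }) -join ', ')

# Principals allowed to log on over RDP that do not also hold the network right.
$rdpOnly = @($rdp | Where-Object { $network -notcontains $_ })
"RDP right only      : " + (($rdpOnly | ForEach-Object { Resolve-Name $_ }) -join ', ')

# The STIG finding the post mentions: Authenticated Users on the network right.
if ($network -contains 'S-1-5-11') {
    "FINDING: Authenticated Users holds 'Access this computer from the network'"
}
```

The comparison is by direct assignment only and does not expand group membership, so a user who is also a member of a group listed on both rights will not appear under "RDP right only".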