• Status: Solved
  • Priority: High
  • Security: Private
  • Views: 162
  • Last Modified:

Remote Desktop not allowing a user to remote onto her machine

I used this question in the past to solve a Remote Desktop problem:


However today I have a problem that is not resolving.  A user needs to remote onto her desktop and I keep seeing this:

Login failed. (4320)
 Try using Administrator credentials or ensure you have User Access Control permissions.

what should I look at? Her machine is Win7Pro and the domain server is an SBS 2008.
  • 4
  • 3
2 Solutions
Randy DownsOWNERCommented:
See if  this helps

...you must be logged on as a member of the Domain Admins security group.

Start the Remote Access Wizard.
Follow the instructions to complete the wizard.
Once you finish the wizard, you can configure client computers to remotely connect to the local network by doing one of the following:
To configure mobile client computers, such as laptops, that are currently connected to the local network, run the Set Up Computer Wizard, and then select the option to install Connection Manager.
To configure remote client computers not currently connected to the local network, you can create a remote connection disk. You can then use the disk to configure the remote client computer to connect to the local network. Alternatively, users can download Connection Manager from the Remote Web Workplace.
For more information about configuring client computers, see Connect remotely to the server. For more information about using the Remote Web Workplace, see Understanding Remote Web Workplace.
You must also assign users to the Mobile Users security group so they have the necessary permissions for remotely accessing the local network. To do so, assign the Mobile User template, Administrator template, or Power User template to the user account by doing one of the following:
To make existing users a member of this group, run the Change User Permissions Wizard.
If the user does not currently exist, run the Add User Wizard.
wfcrrAuthor Commented:
Still not able to get it working.  I can log on using the network administrator logon, but any other user credentials will not logon.
Randy DownsOWNERCommented:
Try this.

"Allow log on through Terminal Services" security policy setting, and by default it's only set to allow administrators.  Clicking the "Explain" tab says this:

Allow log on through Terminal Services

This security setting determines which users or groups have permission to log on as a Terminal Services client.


On workstation and servers: Administrators, Remote Desktop Users.
On domain controllers: Administrators.
Cloud Class® Course: MCSA MCSE Windows Server 2012

This course teaches how to install and configure Windows Server 2012 R2.  It is the first step on your path to becoming a Microsoft Certified Solutions Expert (MCSE).

wfcrrAuthor Commented:
Can you help with a specific area I need to go to? Idiot proof instructions are greatly appreciated.

I have looked in all the area's I know to look.
Randy DownsOWNERCommented:
This seems pretty comprehensive. They are referring to thin client which is essentially what RDP is. If the previous article is correct, you are looking for "Allow log on through Terminal Services" but accessing the security settings should be the same  via gpupdate. Since this is a domain,m you run the procedure on the server.

The simplest way to resolve this issue is to add your thin client users into the Remote Desktop Users Group (or any other group for that matter) then grant that OU the "Allow log on through Remote Desktop Services" ("Terminal Services" in pre 2008 R2 releases) via:
Start > Run > gpedit.msc
Expand: Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Management
Select: Allow log on through Remote Desktop Services
Add Remote Desktop Users to the Policy.
To apply the changes: Start > Run > gpupdate /force
Christopher RourkeProduct Manager @ Experts ExchangeCommented:
Greetings wfcrr,

Are you attempting to use Remote Desktop Connection found standard on Windows machines or is there a 3rd party software at play? Something like say, LogMeIn? I only ask because the error code you posted, 4320, correlates to a semi-recent support article (July 2017) on LogMeIn's user guide:

wfcrrAuthor Commented:
Yes, I it a LogMeIn issue, now that you mention it. I just resolved it with LogMeIn.

wfcrrAuthor Commented:
I want to be able to find this again, in the future and I frequently don't look at my own answers. Gave all the points to Christopher, cuz, that's what the issue was.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now