The Book

User Tools

Site Tools

Trace: rdp_to_dc
microsoft:server:2019:rdp_to_dc

This is an old revision of the document!

Enable Domain Users to sign through Remote Desktop Services

Copied from HERE !!!

This tutorial contains instructions to fix the error “To sign in remotely, you need the right to sign in through Remote Desktop Services”, when trying to connect from Windows Remote Desktop (RDP) Client machines on a Windows Server 2016 which is running Remote Desktop Services.

Problem: Remote Desktop Client users cannot connect remotely (through RDP) to Terminal Server 2016 and receive the error: “To sign in remotely, you need the right to sign in through Remote Desktop Services. By default members of the Administrators group have this right. If the group you're in does not have the right, or if the right has been removed from the Administrators group, you need to be granted the right manually.”

Solution

To resolve the “To sign in remotely, you need the right to sign in through Remote Desktop Services” apply the following actions on Remote Desktop Services (RDS) Server 2016 :

<fc #ff0000>Step 1. Add Remote Desktop Users to the Remote Desktop Users Group.</fc>

  • Open Server Manager
  • From Tools menu, select Active Directory Users and Computers.
  • Double click at your domain on the left and then select Builtin.
  • Open Remote Desktop Users on the right pane.
  • At Members tab, click Add.
  • Type the AD users that you want to give Remote access to the RDS Server and click OK.
  • After selecting the remote desktop users, click OK again to close the window.
  • Continue to step-2.

<fc #ff0000> Step 2. Allow the log on through remote desktop Services. </fc>

  • Open <fc #ff0000>Group Policy Editor</fc> (not <fc #c0c0c0>Group Policy Management</fc>). To do that:
  1. Simultaneously press the <fc #6495ed>Win</fc> + <fc #6495ed>R</fc> keys to open run command box.
  2. Type gpedit.msc and press Enter.
  • In Group Policy Editor navigate to:

<fc #6495ed>Computer Configuration→ Windows Settings→ Security Settings→ Local Policies→ User Rights Assignment.</fc>

  • At the right Pane: double click at Allow log on through Remote Desktop Service
  • Click Add User or Group.
  • Type remote and then click Check Names..
  • Select the Remote Desktop Users and click OK.
  • Click OK at <fc #4682b4>'Select users, computers…'</fc> window.
  • Finally click OK again and close Group Policy Editor.
  • Now try to connect from the remote desktop client. The remote sign-in problem should be solved now.

Notes:
1. If you still have sign in problems then restart the RDS server or just open command prompt as administrator and type the following command to apply the new group policy settings (without restart) : 

gpupdate /force

2. If after updating the Group Policy settings, the problem is not resolved, apply the following modification at Group Policy Editor:

  • Navigate to Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment.
  • Open the Deny log on through Remote Desktop Services policy and remove the Users group.
  • Close the Policy Editor and run the gpupdate /force command.
microsoft/server/2019/rdp_to_dc.1585234565.txt.gz · Last modified: 2020/03/26 14:56 by rplecko