How to allow active directory users to remote desktop in?

Question

This is my first time setting up or even using active directory.

I set it up, and added the computers(Actually VMs in Hyper V) to the active directory, and if if I use hyper-V to connect to the VMs, I am able to use users from the active directory domain to login to the VMs.

However, if I try to login via remote desktop, I get this error:

The connection was denied because the user account is not authorized for remote login.

I have tried:
- From within active directory, i have added the group that my user is in to Remote Desktop users.
- On the VM itself, adding the active directory group(that contains the user I am trying to login with) to Allow log on through Remote Desktop Services in Local Security Policy.

I still have the same authorization denied error.

How do I properly setup a group in active directory to be able to login with remote desktop on all of my Virtual Machines?

Thanks!

score 42 · Answer 1 · edited Feb 06 '18 at 19:46

42

Start → Run → secpol.msc

Security Settings\Local Policies\User Rights Assignment

Right pane → double-click on Allow log on through Remote Desktop Services → Add Users or Group → enter Remote Desktop Users
Start → Run → services.msc

Look for Remote Desktop Services and make sure the Log on account is Network Service, not Local System.
Check your event logs.

edited Feb 06 '18 at 19:46

Saikat

111

answered Mar 01 '13 at 06:18

Amit Naidu

854

score 19 · Answer 2 · answered Aug 20 '12 at 21:11

19

Add the users in question to the Remote Desktop Users group on each local machine.

answered Aug 20 '12 at 21:11

MDMarra

101,323

score 10 · Answer 3 · answered Aug 22 '15 at 14:42

I think i found the solution to this problem.

Open this in the workstation where you want to connect, Control Panel\System and Security\System, click Advance System Settings. On the Remote tab, on the Remote Desktop group, click the button Select Users...

Click Add and add the user that you want to have access. If you are using AD, make sure you can ping the domain. Always click Check Names, to make sure that the user you are adding are correct. ex: myusername@mydomain.com.

score 3 · Answer 4 · edited Jul 07 '21 at 17:28

Checking the Remote Desktop Services service is very important and also helps to restart it.

I was having the same problem and it was killing me. First thing to do is see if a non domain admin can RDP to and different server. If they can then you just need to worry about a local setting on that Terminal Server.

In my case I added the needed users to Remote Desktop Users group on the DC and then set the Domain Policy in Group Policy Management Console - Group Policy Objects - rt click your default domain policy - edit - Computer Configuration - Policies - Windows Settings - Security Settings - Local Policies - User Rights Assignment - Allow log on through remote desktop services. Add "Remote Desktop Users" to this policy.

Then run: gpupdate /force

Then from your Terminal Server: Start - Administrative Tools - Remote Desktop Services - Remote Desktop Session Host Configuration - RDP-Tcp - rt clk - properties - security - Add - Domain Users - Grant then User Access and Guest Access - OK.

Then you have to go to services on the Terminal Server and restart the Remote Desktop Services service. Otherwise the RDP-Tcp setting won't take effect right away.

All users that are part of the Remote Desktop Users group and Domain Users group should now connect.

score 1 · Answer 5 · answered Aug 15 '15 at 07:13

i found the solution for this issue... but i have view questions.. is that domain user? like MSN.COM\john

if your answer yes you should go to user account properties after that go to groups and add this user to remote remote desktop user and remote management user the second thing you go to that remote computer --> go to control panel --> user accounts --> manage other user --> add other user --> after writing the name it will come automatically from the active directory if its join to domain and give this user administrator level

i was facing the same issues before and i was trying to fix it by following these steps...

score 1 · Answer 6 · answered Apr 20 '18 at 19:00

1

What worked for me was adding the user (that needs to log in) to "Remote Desktop Users" group.

Run lusrmgr.msc
Open the user's properties page
Goto "Member Of" tab
Add "Remote Desktop Users"

answered Apr 20 '18 at 19:00

laggingreflex

139

score 0 · Answer 7 · answered Aug 20 '12 at 21:45

0

At first glance I would say you did the right things...
About the only thing that comes to mind is that you used the wrong type of group.
Distribution group in stead of security group.

answered Aug 20 '12 at 21:45

Tonny

6,360
1
20
31

How to allow active directory users to remote desktop in?

7 Answers7