Terminal Server not allowing users to log on
Solution 1
Had same issue and I've found that my user was in Deny log on through Remote Desktop Services
policy (in Security Settings > Local Policies > User Rights Assignment
). After I removed him from this policy I was able to log on successfully.
Solution 2
Your server is probably in Remote Administration mode, rather than Application Server mode. To change that, install the "Terminal server" component, either from Add/Remove Programs or from the "Configure Your Server Wizard".
Related videos on Youtube
David Gard
Updated on September 18, 2022Comments
-
David Gard over 1 year
We use 4x Terminal Servers that allow users to log on correctly, but a newly added 5th TS is only allowing Admins to log on.
When trying to log on as a user who is not in the built-in 'Administrators' group the following error is displayed -
To log on to this remote computer, you must be granted the Allow log on through Terminal Services right. By default, members of the Remote Desktop Users group have this right. If you are not a member of the Remote Desktop Users group or another group that has this right, or if the Remote Desktop User group does not have this right, you must be granted this right manually.
I have ensured that the follow is true -
- The new server is in the same OU as the old servers, thus the same GPO's are applied.
- All users that have been tested are a member of the
Remote Desktop Users
group. - The new server allows member of the
Remote Desktop Users
group to log on. I checked by following these steps -- Rub
gpedit.msc
. - Navigate to
Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> User Rights Assignment
. - Ensure that the setting
Allow log on through Terminal Services
lists theRemote Desktop Users
group.
- Rub
What else can I check to fix this problem? Thanks.
-
Christian over 10 yearsTry enabling success and failure auditing for "logon events". That will probably only give you a second data point for the missing logon right, after the error message, but then you will know that the system really thinks the TS logon right is not there.
-
Jonathan Kortleven about 9 yearsHave you checked the scope of the GPO's? GPO security settings? Item level targetting inside the GPO itself?
-
David Gard over 10 yearsThanks, but I have already installed the Terminal Server role on the server.