The connection was denied because the user account is not authorized


Solution 1

Instead of editing the User Rights Assignment on your workstations, consider using a Group Policy Preference (GPP) setting to modify the membership of the Remote Desktop Users group. By default, anyone who is a member of this group will be granted permission to establish an RDC connection to the machine.

Edit the membership of the Remote Desktop Users group with a Group Policy Preference (GPP) setting as follows:

  1. Create a new Security Group such as My Remote Desktop Users. Members of this group will be granted permission to make Remote Desktop connections.
  2. Edit a Group Policy Object and navigate to Computer Configuration/Preferences/Control Panel Settings
  3. Right-click Local Users and Groups and choose New > Local Group

  4. Set Action: to Update

  5. In the Group name: drop-down choose Remote Desktop Users (built-in)
  6. Click Add...
  7. In the Local Group Member dialog box click the ... box and find your group (don't type it in manually)
  8. Confirm Action: is set to Add to this group
  9. Click OK two times then close the Group Policy editor.
  10. Apply the Group Policy object to the computers that you want users to be able to access.

The advantage of this method is that you can easily grant/revoke Remote Desktop permissions by modifying a user's membership in the My Remote Desktop Users group, instead of having to edit Group Policy to set a new User Rights Assignment policy then wait for it to propagate to your workstations.

Further, edits to the User Rights Assignment policy are not cumulative. In other words, if you have two Group Policies that modify that policy, only one will have an effect. On the other hand, multiple GPPs can be specified to modify the membership of the Remote Desktop Users group.
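A check to run on the RDP host once the GPP from Solution 1 has applied, written as an added example (not part of the original answer). It reports whether the domain group reached the local Remote Desktop Users group, which accounts were added to that group directly, and whether the group still holds the "Allow log on through Remote Desktop Services" right after all GPOs were merged. Assumptions: `CONTOSO` is a placeholder domain name, the prompt is elevated, and the host runs Windows 10 / Server 2016 or later.

```powershell
# Added example. 'CONTOSO' is a placeholder; the group name is the one used in Solution 1.
$ExpectedGroup = 'CONTOSO\My Remote Desktop Users'
$RduSid        = 'S-1-5-32-555'   # well-known SID of the built-in Remote Desktop Users group

# 1. Current membership of the local Remote Desktop Users group
$members      = @(Get-LocalGroupMember -SID $RduSid)
$groupPresent = $members.Name -contains $ExpectedGroup
# Accounts added one by one (e.g. via Remote Settings > Select Users) show up here
$directUsers  = @($members | Where-Object ObjectClass -eq 'User')

# 2. Effective user rights on this machine, exported from the local security database
$inf = Join-Path $env:TEMP 'user-rights.inf'
secedit /export /cfg $inf /areas USER_RIGHTS | Out-Null
$rights = @{}
foreach ($line in Get-Content $inf) {
    if ($line -match '^(Se(?:Deny)?RemoteInteractiveLogonRight)\s*=\s*(.*)$') {
        # Value is a comma-separated list; SIDs carry a leading '*'
        $rights[$Matches[1]] = @($Matches[2].Split(',') |
            ForEach-Object { $_.Trim().TrimStart('*') })
    }
}
Remove-Item $inf -Force

# 3. One summary object per host, suitable for Export-Csv when run across machines
[pscustomobject]@{
    Computer             = $env:COMPUTERNAME
    ExpectedGroupPresent = $groupPresent
    DirectUserMembers    = $directUsers.Name -join ', '
    # False means a User Rights Assignment policy replaced the default list,
    # so membership in Remote Desktop Users alone no longer grants RDP logon
    RduHoldsLogonRight   = $rights['SeRemoteInteractiveLogonRight'] -contains $RduSid
    AllowRight           = $rights['SeRemoteInteractiveLogonRight'] -join ', '
    DenyRight            = $rights['SeDenyRemoteInteractiveLogonRight'] -join ', '
}
```

Entries in `DirectUserMembers` are per-machine grants that bypass the domain group and are worth reviewing, and anything listed under `DenyRight` overrides the allow list.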

Solution 2

None of these solutions seemed to work for us.

What we ended up doing is opening Control Panel > opening User Accounts > Manage User Accounts > Click the Add button if your user is not there.

We did this on the device we were trying to remote to and added the device's user. Worked like a charm.

Solution 3

Oles,

This method works well to deploy user permissions to a local / client machine from a Windows Server. This is especially powerful if you are trying to control the users and / or computers that can have RDP rights across a large organization. You just need to set up an appropriate Organizational Unit structure in your Active Directory, and then apply this GPO as desired. The way you have suggested works, but it's difficult to manage many computers and many users this way, particularly if you are not on-site to do so.

Also note, when you are using the Windows Remote Desktop connection, be sure to use the proper login credentials. At first, I was not including the domain name in the username field, which was causing the RDP connection to be rejected with the "The connection was denied because the user account is not authorized" error that started this conversation.

When using RDP to connect to a DOMAIN computer...

Username: DOMAINNAME\USERNAME

Password: **********

After I started using the domain name, this method works perfectly on Windows Server 2019 / Windows 10 clients.

Author: tim.baker

Updated on September 18, 2022

Comments

  • tim.baker
    tim.baker over 1 year

    I am trying to use Remote Desktop to another PC on our domain. If I use an administrator's account this works fine, however when I use a normal user it gives the error:

    The connection was denied because the user account is not authorised for remote login.

    As per these questions I have:

    • Set "Allow Log on through Remote Desktop Services" (adding the Remote Desktop Users group).
    • Added the user to the remote desktop services group
    • Set "Allow users to connect remotely by using Remote Desktop Services"
    • Done gpupdate /force several times on the RD host machine

    If I go in to Remote Settings > Select Users on RD host and add the domain user "walter.white" that user can then login to the machine from the other PC.

    [Image: RD Users Settings Screen]

    I don't want to have to do that on every machine. I want to set it by GP object which I thought would be "Allow Log on through Remote Desktop Services" - as you can see above this group doesn't appear in this dialog (and I guess is the cause of the issue).

    I know the GP has taken effect as if I run "secpol.msc" and look at "Allow logon through Remote Desktop Services", I do see Remote Desktop Services (as well as Walter White which I added to the GP object).

    [Image: Local Security Policy taking effect]

    We have Windows Server 2012.

    • Ƭᴇcʜιᴇ007
      Ƭᴇcʜιᴇ007 over 7 years
      Did you also apply the Restricted Group changes via GP (as laid out in the last link you provided)?
    • tim.baker
      tim.baker over 7 years
      @Ƭᴇcʜιᴇ007 I may be being stupid but I can't see anything about "Restrictive Groups" in any of those links (and I've tried Ctrl+F on the page!)
    • rogerdpack
      rogerdpack almost 4 years
      Reboot after each change to make sure it took effect? :)
  • tisaconundrum
    tisaconundrum about 4 years
    Is there a way to do this with PowerShell?