Allow logon through Remote Desktop Services registry key

RDP wrongly insists user is NOT allowed via Terminal Services Access Rights


  • Question


    Windows Server 2008 Standard R2/64

    Remote Desktop Services, CALs applied.

    The Built-In "Remote Desktop Users" group is populated with a Domain based Group for remote Access.

    I have a GPO for the "Default Domain Controllers Policy" where; security settings\local policies\user rights assignment --> "Allow log on through Remote Desktop Services" has been properly populated.

    I can use RDP to access Domain Participant workstations but I have lost access to the server and I can't figure out why.

    I have Google-searched for relevant documents but what I find tells me what I can do to set it up. This just verifies what I have done is already correct but something is broken.

    I have even gone into "Remote Desktop Session Host Configuration" --> rdp-tcp --> security

    No matter what, I have lost access as both a User and as an Administrator and I always get...

    "To log on to this remote computer, you must be granted the Allow log on through Terminal Services right..."

    I ran RSoP on the server to see if there are conflicting policies or if "Deny log on through Remote Desktop Services" was accidentally populated.

    "Deny log on through Remote Desktop Services" is Not Defined so there are no explicit denials.

    The "Default Domain Controller Policy" is the Source GPO and it is properly populated.

    Friday, November 14, 2014 4:18 PM

All replies


    Hi,

    Thank you for posting in Windows Server Forum.

    Which version of the RDP client are you using?

    Apart from that, please check the setting as per the snap below, try adding the user under the specific setting on the server, and verify whether you are able to access the RDP connection from the client system.



    Hope it helps!

    Thanks.

    Dharmesh Solanki

    TechNet Community Support


    • Edited by Dharmesh S (Microsoft employee) Monday, November 17, 2014 5:47 AM

    Monday, November 17, 2014 5:46 AM


    Hi,

    Thanks for your comment.

    I suggest you try creating a new user account without providing any permission and verify whether you face the same issue with that user.

    Apart from that, have you made any change on the affected server side? As you can't connect to a single server, there might be some firewall blocking the client connection. Check that RDP port [3389] is still open and check that the RDS service is running.

    Remote Desktop disconnected or can’t connect to remote computer or to Remote Desktop server [Terminal Server] that is running Windows Server 2008 R2
    //support.microsoft.com/kb/2477176

    In the meantime, try the following registry change to see whether it can resolve your case.
    1. Click Start, click Run, type regedit in the Open box, and then click OK.
    2. Locate the following registry subkey:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server
    3. Click Edit, point to New, and then click DWORD Value.
    4. In the New Value #1 box, type IgnoreRegUserConfigErrors, and then press ENTER.
    5. Right-click IgnoreRegUserConfigErrors, and then click Modify.
    6. In the Value data box, type 1, click Decimal, and then click OK.

    Exit Registry Editor.

    Hope it helps!

    Thanks.

    Dharmesh Solanki

    TechNet Community Support

    • Proposed as answer by Dharmesh S (Microsoft employee) Monday, November 24, 2014 3:10 AM
    • Marked as answer by Dharmesh S (Microsoft employee) Wednesday, November 26, 2014 3:10 AM

    Thursday, November 20, 2014 9:44 AM


    Thank You for your assistance Dharmesh

    Fixed.

    The idea of creating a new account, etc., led me in the direction of the resolution which may have been a SID issue.


    • Edited by LIPRnet Friday, November 21, 2014 8:20 PM

    Friday, November 21, 2014 3:22 PM

Allow users to connect remotely by using Remote Desktop Services

This policy setting allows you to configure remote access to computers by using Remote Desktop Services.

If you enable this policy setting, users who are members of the Remote Desktop Users group on the target computer can connect remotely to the target computer by using Remote Desktop Services.

If you disable this policy setting, users cannot connect remotely to the target computer by using Remote Desktop Services. The target computer will maintain any current connections, but will not accept any new incoming connections.

If you do not configure this policy setting, Remote Desktop Services uses the Remote Desktop setting on the target computer to determine whether the remote connection is allowed. This setting is found on the Remote tab in the System properties sheet. By default, remote connections are not allowed.

Note: You can limit which clients are able to connect remotely by using Remote Desktop Services by configuring the policy setting at Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security\Require user authentication for remote connections by using Network Level Authentication.

You can limit the number of users who can connect simultaneously by configuring the policy setting at Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections\Limit number of connections, or by configuring the policy setting Maximum Connections by using the Remote Desktop Session Host WMI Provider.

Supported on: At least Windows Server 2003 operating systems or Windows XP Professional


Enable policy:

Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services
Value Name: fDenyTSConnections
Value Type: REG_DWORD
Value: 0

Disable policy:

Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services
Value Name: fDenyTSConnections
Value Type: REG_DWORD
Value: 1


terminalserver.admx
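
The three policy states described above can be resolved into one effective answer by reading the registry. The following is an added example, not part of the original page: the function names are hypothetical, PowerShell 3.0 or later is assumed, and two values that the page does not list are assumed from standard Windows behaviour (the local fDenyTSConnections value under the Terminal Server control key, and the UserAuthentication policy value written by the Network Level Authentication setting).

```powershell
# Added example: resolve the effective "allow RDP connections" state on the local machine.
# A policy value (GPO) wins; when it is absent, the local Remote tab setting decides.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$localKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'   # assumed local location

function Get-RegDword {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value does not exist ("Not configured").
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { return $item.$Name }
    return $null
}

function Get-EffectiveRdpState {
    $policy = Get-RegDword -Path $policyKey -Name 'fDenyTSConnections'
    $local  = Get-RegDword -Path $localKey  -Name 'fDenyTSConnections'

    if ($null -ne $policy) {
        $source = 'Group Policy'
        $deny   = $policy
    } elseif ($null -ne $local) {
        $source = 'Local setting (System properties, Remote tab)'
        $deny   = $local
    } else {
        $source = 'Default'
        $deny   = 1          # by default, remote connections are not allowed
    }

    [pscustomobject]@{
        PolicyValue               = if ($null -eq $policy) { 'Not configured' } else { $policy }
        LocalValue                = if ($null -eq $local)  { 'Not set' } else { $local }
        DecidedBy                 = $source
        ConnectionsAllowed        = ($deny -eq 0)
        # Assumed value name for the NLA policy mentioned in the note above.
        NlaRequiredByPolicy       = ((Get-RegDword -Path $policyKey -Name 'UserAuthentication') -eq 1)
        # Troubleshooting value from the forum thread; report it if it was left behind.
        IgnoreRegUserConfigErrors = Get-RegDword -Path $localKey -Name 'IgnoreRegUserConfigErrors'
    }
}

Get-EffectiveRdpState | Format-List
```

ConnectionsAllowed only says whether the listener accepts new sessions; a user still needs the "Allow log on through Remote Desktop Services" right to get past the error quoted in the thread.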

To Allow Users or Groups to Logon with Remote Desktop in Windows 10,

  1. Press Win+R keys together on your keyboard and type: secpol.msc

    Press Enter.

  2. Local Security Policy will open. Go to User Local Policies -> User Rights Assignment.
  3. On the right, double-click the option Allow log on through Remote Desktop Services.
  4. In the next dialog, click Add User or Group.
  5. Click on the Advanced button.
  6. Now, click on the Object Types button.
  7. Ensure that you have the Users and Groups items checked and click on the OK button.
  8. Click on the Find now button.
  9. From the list, select the user account or group to allow log on through RDP for it. You can select more than one entry at once by holding the Shift or Ctrl keys and clicking on the items in the list.
  10. Click on the OK button to add the selected items to the Object names box.
  11. Click on the OK button to add the selected items to the policy list.

You are done.

To undo the change, remove the user account from the list in the Allow log on through Remote Desktop Services policy.

If your Windows edition doesn't include the secpol.msc tool, you can use the ntrights.exe tool from Windows 2003 Resource Kit. Many resource kit tools released for previous Windows versions will run successfully on Windows 10. ntrights.exe is one of them.
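
To confirm the result of the steps above without the GUI, the user rights can be exported with secedit and each entry resolved to an account. The following is an added example, not part of the original page: it assumes an elevated PowerShell 3.0 or later session, the function names are hypothetical, and SeRemoteInteractiveLogonRight and SeDenyRemoteInteractiveLogonRight are the internal names of the allow and deny rights. Entries whose SID no longer maps to an account are flagged, which is the kind of SID problem the forum thread ended on.

```powershell
# Added example: report who holds the RDP logon rights on this machine. Run elevated.
$rights = [ordered]@{
    SeRemoteInteractiveLogonRight     = 'Allow log on through Remote Desktop Services'
    SeDenyRemoteInteractiveLogonRight = 'Deny log on through Remote Desktop Services'
}

function Resolve-Principal {
    param([string]$Entry)
    # secedit prefixes SIDs with '*'; entries without it are already account names.
    if ($Entry -notmatch '^\*(S-1-[\d-]+)$') { return $Entry }
    try {
        $sid = New-Object System.Security.Principal.SecurityIdentifier($Matches[1])
        return $sid.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        return $null   # SID does not map to an account (deleted, or domain unreachable)
    }
}

function Get-RdpLogonRight {
    $tmp = Join-Path $env:TEMP ('rights-{0}.inf' -f [guid]::NewGuid())
    try {
        # Export only the user rights area of the local security policy.
        secedit /export /cfg $tmp /areas USER_RIGHTS | Out-Null
        $lines = Get-Content -Path $tmp
    } finally {
        Remove-Item -Path $tmp -ErrorAction SilentlyContinue
    }
    foreach ($right in $rights.Keys) {
        $line = $lines | Where-Object { $_ -match "^$right\s*=" } | Select-Object -First 1
        if (-not $line) {
            # A right that is assigned to nobody has no line in the export.
            [pscustomobject]@{ Right = $rights[$right]; Entry = '(not defined)'; Account = $null; Orphaned = $false }
            continue
        }
        foreach ($entry in (($line -split '=', 2)[1] -split ',')) {
            $name = Resolve-Principal -Entry $entry.Trim()
            [pscustomobject]@{
                Right    = $rights[$right]
                Entry    = $entry.Trim()
                Account  = $name
                Orphaned = ($null -eq $name)
            }
        }
    }
}

Get-RdpLogonRight | Format-Table -AutoSize
```

Any row under the deny right overrides a matching allow entry, and a row with Orphaned set to True is an assignment that grants access to nobody and should be cleaned up.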
