Members of ‘Remote Desktop Users’ Not Included in the ‘Allow log on through Remote Desktop Services’ List

Error Message:
To sign in remotely, you need the right to sign in through Remote Desktop Services. By default members of the Administrators group have this right. If the group you’re in does not have the right, or if the right has been removed from the Administrators group, you need to be granted the right manually.
Cause:
Local security policy (secpol.msc) has been configured to exclude certain user groups to be absent from the 'Allow logon through Terminal Services' permissions list. Typically, that list would include Administrators, Remote Desktop Users, and Domain Admins. However, Domain Group Policies may strictly enforce certain restrictions leading to disallowing users to interactively RDP onto certain machines.
Error Message:
This setting is not compatible with computers running Windows 2000 Service Pack 1 or earlier. Apply Group Policy objects containing this setting only to computers running a later version of the operating system.
Cause:
This banner appears on certain Windows security policies that have been enforced by Active Directory Group Policy. For instance, certain high-security zones require that only Domain Administrators have access to 'Run as a Service' or 'Allow log on through Terminal Service' under the Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies/User Rights Assignment > Policy=Allow logon through Terminal Services or Policy=Run as a Service > Setting='Domain Admins',BUILTIN\Administrators

Leave a Reply

Your email address will not be published. Required fields are marked *