Kind of an embarrassing question but…
One day I was playing around with GPOs to try and grant local Administrator access to a specific User group for a specific Client computer.
Somehow, I messed up the GPO. I have since deleted that GPO and I can’t find the original guide I was following.
The end result is that I now have a server running Windows Server 2012 R2, which I cannot connect to via RDP, using a domain Administrator account!
I receive the following message when attempting to connect as a domain Administrator:
To sign in remotely, you need the right to sign in through Remote Desktop Services. By default, members of the Administrators group have this right. If the group you are in doesn’t have this right, or if the right has been removed from the Administrators group, you need to be granted this right manually.
Basically, how can I “undo” the effects of that old GPO, and return the RDP access settings to their default state? I know I could just add “Administrators” to the list of allowed users in the control panel, but I want to make sure I actually reverse whatever changes I accidentally made before.
Best Answer
Finally found the problem. Launch
gpedit.msc
, navigate toComputer Configuration -> Windows Settings -> Security Settings -> Local Policies -> User Rights Assignment -> Allow log on through Remote Desktop Services
In my case this was empty, whereas on my working Servers it had the groupAdministrators
. Adding the groupAdministrators
immediately fixed my problem.