How to fix remote desktop access in Windows Server 2012 R2

active-directorygroup-policyremote desktopremote-desktop-serviceswindows-server-2012-r2

Kind of an embarrassing question but…

One day I was playing around with GPOs to try and grant local Administrator access to a specific User group for a specific Client computer.

Somehow, I messed up the GPO. I have since deleted that GPO and I can’t find the original guide I was following.

The end result is that I now have a server running Windows Server 2012 R2, which I cannot connect to via RDP, using a domain Administrator account!

I receive the following message when attempting to connect as a domain Administrator:

To sign in remotely, you need the right to sign in through Remote Desktop Services. By default, members of the Administrators group have this right. If the group you are in doesn’t have this right, or if the right has been removed from the Administrators group, you need to be granted this right manually.

Basically, how can I “undo” the effects of that old GPO, and return the RDP access settings to their default state? I know I could just add “Administrators” to the list of allowed users in the control panel, but I want to make sure I actually reverse whatever changes I accidentally made before.

Best Answer

Finally found the problem. Launch gpedit.msc, navigate to Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> User Rights Assignment -> Allow log on through Remote Desktop Services In my case this was empty, whereas on my working Servers it had the group Administrators. Adding the group Administrators immediately fixed my problem.

Best Answer

Related Solutions

Windows – How to send ctrl+alt+del using Remote Desktop

Security – Remote Desktop Connection Denied because the user account is not authorized for remote login

Related Topic