Here is the issue… Domain admins can only RDP to two of my servers if the domain admins group is in the remote desktop users group.
If you remove the domain admin group from the remote desktop users group doamin admins will receive and error when attempting to RDP. As soon as you add the Domain admin group back to the remote desktop users group domain admins can then log back in.
I have only seen this behavior on these two servers. Any idea what could be causing it?
Best Answer
You might want to take a look at the local security policy on the two machines in question. Specifically "Allow log on through Remote Desktop Services" and "Deny log on through Remote Desktop Services" under Local Policies/User Rights Assignment.
If they are DCs, you may also want to check the default domain controller GPO for the same settings under Computer Configuration/Policies/Windows Settings/Security Settings/Local Policies/User Rights Assignment.