Then it's even more weird...
Restricted Admin Mode
Hello!
Has anyone spotted any difference in how Restricted Admin Mode works in Windows Server 2019?
I'm asking that question because after deploying exactly the same remote access configuration as in my Windows Server 2016 environment in the new network with Windows Server 2019 machines I can't seem to make RDP with Restricted Admin Mode work.
I've double-checked that:
1) all respective machines (both servers and workstations) have the following GPO settings applied:
   a) Require Restricted Admin Mode
   b) Restrict Delegation of credential to remote servers - enabled
2) I'm trying to RDP with the user account that is a member of the local Administrators group on the target server
In the Windows Server 2016 environment it works as expected:

In the Windows Server 2019 environment the error arises as if the Restricted Admin mode were not enabled (I had no problems connecting to the Win2019 server prior to applying the gpo with the RDP-related settings):

Thank you in advance,
Michael
-
Mikhail Firsov, 1,881 Reputation points, 2021-06-01T07:23:12.457+00:00
Have you added the DisableRestrictedAdmin registry key as on my screenshot above?
-
Mikhail Firsov, 1,881 Reputation points, 2021-05-31T10:24:16.357+00:00
"Have you tried this on another server2019 ?" - yes, I have, and it clarifies nothing: I installed another Windows Server 2019 VM - Srv4 - alongside the first one - Srv1, and it did work... I have no explanation for that. Here's my test lab:
1) Both servers 2019 are hosted on the same host machine (Host1) and were deployed using the same ISO:

2) Both of them are just standalone servers - no policies have been applied to them, the single setting applied was DisableRestrictedAdmin set to 0 (I also created one more local admin account - Admin):


3) Now if I connect to Srv4 from ANY other computer (server or workstation, domain-joined or not) - I will succeed:

4) Connecting to Srv1 would fail for any client and for any user (Administrator or Admin):

In fact this newly-installed Srv4 is the only Windows Server 2019 machine that I can connect to - all other Win2019 servers produce the same error.
I re-deployed some of my Windows Server 2016 machines and tested them again - all of them are working flawlessly.
Regards,
Michael
-
Anonymous, 2021-05-28T06:22:24.377+00:00
Hello @Mikhail Firsov
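A way to compare the effective state on two machines such as Srv1 and Srv4, as an added example that is not part of the original thread. The registry locations are assumptions based on where these settings are normally stored (the thread shows them only in screenshots), and the function names are hypothetical.

```powershell
# Added example. Run locally in an elevated PowerShell session on each machine.
function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Get-RestrictedAdminState {
    # Assumed standard locations; not quoted in the thread's text.
    $lsa  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $cred = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation'

    $disable = Get-RegValue $lsa  'DisableRestrictedAdmin'
    $policy  = Get-RegValue $cred 'RestrictedRemoteAdministration'
    $type    = Get-RegValue $cred 'RestrictedRemoteAdministrationType'

    # Option names of "Restrict delegation of credentials to remote servers".
    $names = @{
        1 = 'Require Restricted Admin'
        2 = 'Require Remote Credential Guard'
        3 = 'Restrict Credential Delegation'
    }
    $mode = if ($null -ne $type -and $names.ContainsKey([int]$type)) {
        $names[[int]$type]
    } else {
        'not set'
    }

    [pscustomobject]@{
        Computer                = $env:COMPUTERNAME
        OSBuild                 = [Environment]::OSVersion.Version.Build
        # Target side: an absent value is reported separately from 0 and 1.
        DisableRestrictedAdmin  = if ($null -eq $disable) { 'absent' } else { $disable }
        # Only an explicit 0 lets the target accept Restricted Admin logons.
        TargetAcceptsRestricted = ($disable -eq 0)
        # Client side: whether the delegation policy is applied, and its mode.
        ClientPolicyEnabled     = ($policy -eq 1)
        ClientPolicyMode        = $mode
    }
}

Get-RestrictedAdminState | Format-List
```

Running it on a working and a failing server and comparing the two outputs side by side shows whether the registry state and OS build really match, or whether the difference lies elsewhere.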
Please check if below article helps:
Pass-The-Hash with RDP in 2019
Restrict delegation of credentials to remote servers
Best Regards
Karlie