Unable to remote Login to member servers 2012

Royal D Costa 241 Reputation points
2022-09-22T07:20:18.167+00:00

Hi All

I installed two member servers and added to domain . after reboot I moved them to "SERVERS" OU in the domain. after moving from the "COMPUTERS" OU i am unable to login to member servers with my admin account (also has enterprise admin rights). following is the error. also same account was used for adding systems to Domain. domain controllers and Member servers are 2012 R2.

243775-image.png

Remote Desktop
Remote Desktop
A Microsoft app that connects remotely to computers and to virtual apps and desktops.
4,627 questions
0 comments No comments
{count} votes

Accepted answer
  1. JimmySalian-2011 42,181 Reputation points
    2022-09-22T08:42:58.727+00:00

    Hi,

    If you have GPO that is set to allow only RDP group of users then you get this error message, check if you have GPOs that is setting the policy and adding specific users or groups to allow RDP.

    Create a GPO - RDP Access
    In Group Policy Management Console (GPMC.MSC) select Computer Configuration\Windows Settings\Security Settings\Restricted Groups\
    Right-click Restricted Groups and then click Add Group.
    Click the Browse button, type Remote and click the Check Names and you should see REMOTE DESKTOP USERS come up.
    Click OK in the Add Groups dialog.
    Click Add beside the MEMBERS OF THIS GROUP box then click Browse.
    Type the name of the domain group, then click the Check Names button, then click OK to close this box.
    Click OK to close this box which will complete the addition of the domain group to the Remote Desktop Users group.

    Edit same policy and link it to the OU Servers

    1. Right click the GPO and select edit.
      Navigate to Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment
      Add the administrators and users you want to assign the RDP permission. This policy will overwrite the default settings.

    Force the GPO via console or reboot the server via console or local admin - Gpupdate /force and try again.

    ==
    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    0 comments No comments

4 additional answers

Sort by: Most helpful
  1. Royal D Costa 241 Reputation points
    2022-09-22T08:50:28.333+00:00

    Hi @JimmySalian-2011

    There is no such policy enabled which will block the RDP . only default domain policy is enforced and on SERVER OU block inheritance is disabled. in the mean time will try to create GPO as mentioned by you and Post the results.

    0 comments No comments

  2. Royal D Costa 241 Reputation points
    2022-09-22T10:08:19.347+00:00

    @JimmySalian-2011

    I have done the first part. I didn't understand the second part

    Edit same policy and link it to the OU Servers

    1. Right click the GPO and select edit.
      Navigate to Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment
      Add the administrators and users you want to assign the RDP permission. This policy will overwrite the default settings.

    after applying policy i was able to login, but user logged inn as a basic user not as a administrator this means for every major task i need provide administrator password.


  3. Royal D Costa 241 Reputation points
    2022-09-22T10:38:01.06+00:00

    @JimmySalian-2011

    finally figured it out. you must be member of domain admins group to RDP and to be logged in with the Admin rights. regardless of Enterprise admin rights you need these domain admin rights. added user to Domain admins group and all things seems to be alright.

    Thanks a lot for your support.

    0 comments No comments

  4. JimmySalian-2011 42,181 Reputation points
    2022-09-22T10:41:50.953+00:00

    Glad to know it is sorted, Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    ==
    Please don't forget to upvote and Accept as answer if the reply is helpful

    If this answer helped you please mark it as "Verified" so other users can reference it.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.