Windows Server 2019 not authenticating based on User Group

Dan 1 Reputation point
2024-03-04T19:17:23.4733333+00:00

Hi,

I have a Windows 2019 Standard file server, a domain member (not the DC), to which I'd like 2 non-Admin users to be able to remote.

I set up a Group in Active Directory, let's call it AllowRemote, and added these 2 non-Admin users to that group.

I then went into the Remote settings on the server, System Properties > Remote tab > Select users, and added the AllowRemote group. In other words, users who are members of AllowRemote are allowed to remote in, users who are not members are not allowed in.

This works inconsistently. It will work for one user but not for another user.

If I add a user explicitly by username, it works. But I'd prefer to control this by group membership.

How would I go about troubleshooting this to see what's going on behind the scenes?

Thanks.


2 answers

  1. Marcin Policht 13,480 Reputation points MVP
    2024-03-04T19:28:33.66+00:00

    Add both users to the built-in Remote Desktop Users group instead (directly or indirectly).


    hth

    Marcin


  2. Daisy Zhou 19,271 Reputation points Microsoft Vendor
    2024-03-05T02:02:57.59+00:00

    Hello Dan,

    Thank you for posting in Q&A forum.

    Hope the information provided by Marcin Policht is helpful.

    Is the problem resolved? If not, you can try to troubleshoot the issue as below:

    1. Based on the description "This works inconsistently. It will work for one user but not for another user.", what error message do you receive when the other user cannot log on remotely?

    2. Please check if the 2 non-Admin users are only in this AllowRemote group and not in any other group.

    3. Please check if this AllowRemote group is not in other AD groups.

    For both point 2 and point 3, if the 2 non-Admin users are also in other AD groups (such as G1) besides this AllowRemote group, and/or if this AllowRemote group is also in other AD groups (such as G2), please check that G1 and G2 are not denied from logging on to this server remotely.

    4. Please check that the user is not set to log on to specific domain machines only in the user Properties.

    I hope the information above is helpful.

    If you have any questions or concerns, please feel free to let us know.

    Best Regards,

    Daisy Zhou
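
The checks suggested in the two answers above (membership of the local Remote Desktop Users group, nested group membership, deny rights for remote logon, and the per-user "Log On To" restriction) can be gathered in one pass. The following PowerShell is an added example, not part of either answer; `user1` and `user2` are placeholder account names, and it assumes the ActiveDirectory module (RSAT) is installed on the server.

```powershell
# Added example. Run elevated on the file server; needs the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory
$group = 'AllowRemote'            # group name from the question
$users = 'user1', 'user2'         # placeholder account names

# "Select users" on the Remote tab edits this local group, so the AD group should be listed.
Get-LocalGroupMember -Group 'Remote Desktop Users' | Select-Object Name, ObjectClass

# Export the server's effective user rights and collect the RDP allow/deny entries.
$inf = Join-Path $env:TEMP 'user-rights.inf'
secedit /export /areas USER_RIGHTS /cfg $inf | Out-Null
$rights = @{}
foreach ($line in Get-Content $inf) {
    if ($line -match '^(Se(Deny)?RemoteInteractiveLogonRight)\s*=\s*(.*)$') {
        # Entries are comma separated; SIDs carry a leading '*'.
        $rights[$Matches[1]] = $Matches[3] -split ',' | ForEach-Object { $_.Trim().TrimStart('*') }
    }
}
Remove-Item $inf
$rights                           # allow list and, if assigned, deny list
$deny = @($rights['SeDenyRemoteInteractiveLogonRight'])

foreach ($name in $users) {
    $u = Get-ADUser $name -Properties LogonWorkstations
    # Every group the user is in, including nested ones (LDAP "in chain" matching rule).
    # The primary group (normally Domain Users) is not returned by this filter.
    $groups = @(Get-ADGroup -LDAPFilter "(member:1.2.840.113556.1.4.1941:=$($u.DistinguishedName))")
    $sids   = @($u.SID.Value) + @($groups | ForEach-Object { $_.SID.Value })
    [pscustomobject]@{
        User              = $u.SamAccountName
        Enabled           = $u.Enabled
        InAllowRemote     = $groups.Name -contains $group
        OtherGroups       = ($groups.Name | Where-Object { $_ -ne $group }) -join ', '
        DeniedRdpViaSid   = ($sids | Where-Object { $deny -contains $_ }) -join ', '
        LogonWorkstations = $u.LogonWorkstations   # empty = may log on to any computer
    }
}
```

Comparing the two output rows side by side shows which of the listed conditions differs between the user who can connect and the one who cannot.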
