MS Security compliance baseline Windows 11 23 H2 Login Problems

~OSD~ 2,201 Reputation points
2024-07-07T10:24:29.3133333+00:00

Hi,

I am implementing MS security baseline as highlighted in the following screenshot.

User's image

After implementing the baseline, I am NOT able to login to the user account. This account is a local account and I was signed in using this local account.

Any thoughts, should I (pre) add this user account into the Remote Desktop User Group? But that makes me confused as the administrator account has full access.

User's image

Windows for business | Windows Client for IT Pros | Devices and deployment | Configure application groups
Microsoft Security | Intune | Compliance
Windows for business | Windows Server | Devices and deployment | Configure application groups
Windows for business | Windows Client for IT Pros | User experience | Other
0 comments No comments
{count} votes

Accepted answer
  1. Crystal-MSFT 53,991 Reputation points Microsoft External Staff
    2024-07-08T01:48:29.48+00:00

    @~OSD~, Thanks for posting in Q&A. Based on my checking, there's a setting named "Deny Remote Desktop Services Log On" which determines which users and groups are prohibited from logging on as a Remote Desktop Services client. By default, Local account group (S-1-5-113) is added into the policy. That is to say, local account will be prevented from remoting to the device.

    User's image

    Please check if you have this setting configured in your security baseline and remove this setting to see if it works.

    https://learn.microsoft.com/en-us/mem/intune/protect/security-baseline-settings-mdm-all?pivots=mdm-23h2

    Hope the above information can help.


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.