Remote connection was denied because the user account is not authorized for remote login

OHPRS Admin 211 Reputation points
2024-09-26T15:40:31.0333333+00:00

Our office has several Windows 11 workstations. All users are able to remotely connect to their workstations, except one. This is recent, in the past week. This user can connect remotely to other workstations in the domain, just not his own.

From within the Active Directory domain the Administrator can connect to this workstation using RDC. This user cannot, nor can any user. ADUC shows that this user is a member of Domain Users, Remote Desktop Users and HPRS Remote Desktop Users (a security group I added long ago).

Security Group membership is probably not the problem since this user can connect to any other workstation in the domain except his own and no other non-admin domain user can connect to his workstation. As the domain administrator I've run secpol.msc on the troublesome workstation and Local Policies > User Rights Assignment > Allow log on through Remote Desktop Services looks correct.

How can I fix this? Thanks


1 answer

  1. Jacen Wang 490 Reputation points Microsoft Vendor
    2024-09-26T19:06:05.7733333+00:00

    Hello,

    Thank you for posting in the Microsoft Community forum.

    This error usually indicates that the user account does not have the correct user access rights and is unable to establish an RDP connection to the target server.

    It looks like you've checked the local security policy on the problematic workstation. Have you checked the domain level group policy? You can check by following these steps:

    1. On the Server Manager Tools menu, open the Group Policy Management Console (GPMC), right-click the Group Policy Object (GPO) that controls the remote computer, and then select Edit to open the Group Policy Editor.
    2. Select Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > User Rights Assignment.
    3. Select Allow logon through Remote Desktop Services. If the policy is enabled, right-click Allow logon through Remote Desktop Services, and then select Properties. If the policy isn't defined, see the next procedure to check the local security policy.
    4. Check the groups that have been assigned this right. If the user doesn't belong to a group that has this right, either add the group to the policy or add the user to one of the groups that is already configured.

    For more information, please refer to the following article:

    Troubleshooting access denied and user not authorized issues in RDS - Windows Server | Microsoft Learn

    I hope this helps.

    Best regards

    Jacen
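
The check described in the answer can also be read directly from the affected workstation. The following is an added example, not part of the original answer: it exports the user rights as currently set on the machine, resolves the accounts that hold the allow and deny Remote Desktop logon rights, lists the workstation's local Remote Desktop Users group, and shows which GPOs apply to the computer. It assumes an elevated PowerShell session on the workstation; the temp file name is arbitrary.

```powershell
# Added example. Run in an elevated PowerShell session on the affected workstation.
$cfg = Join-Path $env:TEMP 'user-rights.inf'   # arbitrary temp file name
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null

# Privilege constants behind the two Remote Desktop logon rights
$rights = [ordered]@{
    SeRemoteInteractiveLogonRight     = 'Allow log on through Remote Desktop Services'
    SeDenyRemoteInteractiveLogonRight = 'Deny log on through Remote Desktop Services'
}

function Resolve-Principal([string]$Entry) {
    # secedit writes resolved accounts as *SID; anything else is already a name
    $value = $Entry.Trim()
    if (-not $value.StartsWith('*')) { return $value }
    $sid = [System.Security.Principal.SecurityIdentifier]::new($value.Substring(1))
    try   { $sid.Translate([System.Security.Principal.NTAccount]).Value }
    catch { $sid.Value }   # orphaned SID: account deleted or domain unreachable
}

$lines = Get-Content -Path $cfg
foreach ($name in $rights.Keys) {
    "{0} ({1})" -f $rights[$name], $name
    $line = $lines | Where-Object { $_ -match "^$name\s*=" } | Select-Object -First 1
    if (-not $line) { '    (no accounts assigned)'; continue }
    ($line -split '=', 2)[1] -split ',' |
        ForEach-Object { '    ' + (Resolve-Principal $_) }
}
Remove-Item $cfg

# Members of the workstation's own Remote Desktop Users group (well-known SID)
Get-LocalGroupMember -SID 'S-1-5-32-555' |
    Select-Object Name, ObjectClass, PrincipalSource

# GPOs applied to this computer, to find which one sets the right
gpresult /r /scope computer
```

A user can log on through Remote Desktop only if one of their groups appears under the allow right and none appears under the deny right, since the deny right takes precedence.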
