Cannot connect to my VM via bastion

Question

Hello,

In this moment , all my vm's are inside my company , and i can only access the vm's via bastion.
I was doing some changes in GPO's and policies , and one of the changes was :

Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > User Rights Assignment.

• Modify the Access this computer from the network policy to allow only the necessary admin groups.

And

• Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > User Rights Assignment.
• Configure the policy Deny access to this computer from the network and include privileged accounts (like Domain Admins) to prevent remote logon from unauthorized devices.

Im sure that i put domain admins in the first change , and domain users in the second change.
After the restart of the server , i cannot connect saying that the server denied the connection.

Can someone help me please?

Thanks you
best regards

Answer 1

Hello PEREIRA Timoteo,

Thank you for posting in Q&A forum.

From the link below, I can see:

The Domain Users group includes all user accounts in a domain. When you create a user account in a domain, it's automatically added to this group.

https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/manage/understand-security-groups#domain-users

And “Deny access” takes precedence over “Allow access”.

You could try to use Powershell Remoting to modify GPO.

Ref:PowerShell remoting - PowerShell | Microsoft Learn

Set-GPRegistryValue (GroupPolicy) | Microsoft Learn

I hope the information above is helpful.

If you have any questions or concerns, please feel free to let us know.

Best Regards,

Daisy Zhou

============================================

If the Answer is helpful, please click "Accept Answer" and upvote it.