RDP block on all servers for all domain admins except two?

josh 1 Reputation point


It's been a while since my last question. I am working on a domain where the admin has moved on and I am taking over. RDP is enabled on the servers, but there seems to be a policy in place where RDP is not allowed on all user accounts by default. I am trying to create a domain admin account that has the ability to RDP into these servers. I know it functions because I have an account that does have RDP access. Replicating all membership attributes (groups and security group values) does not allow RDP access to the server.

We are running Server 2012 R2.
Some groups that seem to have no effect on RDP ability:
local Administrators group
Domain administrators group
Enterprise Administrators

I've glanced through group policy manager and editor. I'm not saying there's not something there, but I do not see anything restricting RDP to the servers. The Deny logon through RDS entry under Computer Configuration is empty. So that's good for my case.

I've glanced through Server Manager and everything is running. I see no errors that would represent a service outage of any kind.

(1) If you wanted to make a policy so that all newly created accounts (even administrator level accounts) were denied RDP to servers only, but you wanted certain individual accounts to be able to RDP, and (2) you did not use a local or domain group to accomplish it, how might you do it, and (3) you did not use a local security group to do either, how might you go about it? I'm kind of stumped trying to track this down and would like to be able to create an additional account with RDP rights.

Windows Server 2012
A Microsoft server operating system that supports enterprise-level management, data storage, applications, and communications.
Remote Desktop
A Microsoft app that connects remotely to computers and to virtual apps and desktops.