Demote desktop fail

Grace Yin 106 Reputation points


We created an AD account for an outside vendor to remote to a server. We set up the Logon to limitation to only allow the account to log into the server not other domain computers.

The vendor uses his own computers which is non domain computer to log into our VPN first and then remote to the server with our domain name in front of his user name, but he got the error message like the image below. Where did I miss and how to fix it? Need help!


Remote Desktop
Remote Desktop
A Microsoft app that connects remotely to computers and to virtual apps and desktops.
3,066 questions
{count} votes

2 answers

Sort by: Most helpful
  1. Dave Patrick 330.9K Reputation points

    This one may sort it.

    --please don't forget to Accept as answer if the reply is helpful--

    No comments

  2. Eleven Yu (Shanghai Wicresoft Co,.Ltd.) 10,441 Reputation points Microsoft Employee


    Please try below steps.

    1. When you set Log-on-to limitation, you will also need to add the vendor's own computer to the list of "the user can log on to".
      That means the host names of both the server and vendor computer need to be added to below list.
    2. Make sure you have added the user AD account to the Remote Desktop User group of the server.
      On the server > Local Users and Groups > Remote Desktop Users >Properties >Add members

    Hope above steps could help.


    No comments