Share via

MS Security compliance baseline Windows 11 23 H2 Login Problems

~OSD~ 2,131 Reputation points
2024-07-07T10:24:29.3133333+00:00

Hi,

I am implementing MS security baseline as highlighted in the following screenshot.

User's image

After implementing the baseline, I am NOT able to login to the user account. This account is a local account and I was signed in using this local account.

Any thoughts, should I (pre) add this user account into the Remote Desktop User Group? But that makes me confused as the administrator account has full access.

User's image

Windows 10 Security
Windows 10 Security
Windows 10: A Microsoft operating system that runs on personal computers and tablets.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
2,828 questions
Windows Server Security
Windows Server Security
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
1,776 questions
Windows 11
Windows 11
A Microsoft operating system designed for productivity, creativity, and ease of use.
8,872 questions
Microsoft Intune Compliance
Microsoft Intune Compliance
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.Compliance: Adhering to rules, standards, policies, and laws.
146 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Crystal-MSFT 45,896 Reputation points Microsoft Vendor
    2024-07-08T01:48:29.48+00:00

    @~OSD~, Thanks for posting in Q&A. Based on my checking, there's a setting named "Deny Remote Desktop Services Log On" which determines which users and groups are prohibited from logging on as a Remote Desktop Services client. By default, Local account group (S-1-5-113) is added into the policy. That is to say, local account will be prevented from remoting to the device.

    User's image

    Please check if you have this setting configured in your security baseline and remove this setting to see if it works.

    https://learn.microsoft.com/en-us/mem/intune/protect/security-baseline-settings-mdm-all?pivots=mdm-23h2

    Hope the above information can help.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.