![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 78%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(304, 38%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDH%3C/text%3E%3C/svg%3E)
Welcome to the Microsoft Q&A Platform!
RDP Logon Failed: The Requested Type of Logon Is Not Allowed on This Computer
This error is almost always caused by Group Policy or Local Security Policy settings that control who is allowed (or denied) to log on via Remote Desktop Services. Even if the user is a Domain Admin or local Administrator, RDP access can still be blocked if these policies are not configured correctly.
I would like to share you the key causes and solutions that can you get through this.
1. Allow Logon Through Remote Desktop Services
- Ensure the user or a group they belong to (e.g., Domain Admins, Administrators) is explicitly listed in the "Allow logon through Remote Desktop Services" policy.
Path: Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment > Allow logon through Remote Desktop Services
- Add Administrators, Domain Admins, or the specific user/group.
- If only Remote Desktop Users is listed and your admin account is not in that group, RDP will fail.
2. Check “Deny logon through Remote Desktop Services”
- If your user or group appears here, it overrides all allow rules. Remove the user or any group they belong to from this policy.
- Even if the policy is undefined, check for any other GPOs that might apply this setting.
3. Membership in Remote Desktop Users Group
On the production server, verify:
- The user is part of Remote Desktop Users
- The user is part of a group included in the allow policy.
4. Policy Precedence
If multiple GPOs set these rights, the most restrictive setting applies. Run this command on the server to check effective settings:
gpresult /h report.html
Open the report and verify which policy is applying the logon rights.
5. Registry Workaround (if DC query fails)
If the server cannot read user rights from the domain controller, you can force it to use local settings:
HKLM\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
fQueryUserConfigFromLocalMachine = 1 (DWORD)
fQueryUserConfigFromDC = 0 (DWORD)
Then, restart the server after applying.
Note: This answer has been translated using a translation tool. Please note that there may be grammatical or semantic errors. Thank you for your understanding. If there is any unclear part of the answer, please leave it in the comments and we will get back to you as soon as possible.
Thank you for asking your question.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(304, 43%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)