I'm facing an issue with a new user who keeps getting an error saying, 'Connection was denied because the user is not authorized for remote login.' This user is part of the 'Remote Desktop Users' group in Active Directory, and I added them just yesterday. Their laptop is connected to the domain and their permissions match another team member who has RDP access without issues. We've tried running gpupdate /force and rebooting, and I've even removed and re-added the user to the group, plus I tested another computer using my credentials and was able to connect without any problems.
Since the user is in the same office as their department, and there are no saved credentials in Credential Manager, I've made sure to add them directly to the 'Allow log on through Remote Desktop Services Properties' on the server too. This is my first time adding a user to this group as I'm temporarily filling in for the IT position and my manager is also new to these processes. My account was created by my predecessor, so I'm not clear if there are steps I'm overlooking.
Update: I think I may have resolved the issue by adding the user directly to the 'Remote Desktop User Properties' on the designated server, as the other team members were successfully added there. But, I won't know for sure until they're back tomorrow!
4 Answers
Good point about checking for conflicting permissions. I didn't find anything in the event viewer, but I suspect adding the user to the 'Remote Desktop User Properties' on the target server has fixed the issue for now. Let’s see if they can log in when they’re back!
It looks like you might have found the fix with your update! Just a heads up for anyone else having this issue: don't always rely on the AD group permissions for RDP. If things aren't working, you can manually add users directly on the server. Ideally, try to manage permissions through AD groups for easier auditing and consistency, but be cautious when making changes and consult someone who’s got more experience when needed.
Make sure to double-check if the user is part of any other groups that might explicitly deny RDP access or interactive logon. Also, reviewing the server event logs may reveal some hints about what's going wrong.
Is it possible that the user's AD account has restrictions that only allow logins from specific computers? Check if there's a 'Log on to' setting in the user's properties in AD that might be limiting their access.
Related Questions
Can't Load PhpMyadmin On After Server Update
Redirect www to non-www in Apache Conf
How To Check If Your SSL Cert Is SHA 1
Windows TrackPad Gestures