User without local admin rights can't connect to Win8 PC via RDP












0















We have a user that until recently had local admin rights on his Win10 PC. He needs to connect to a Win8 VM on Azure via Remote Deskop. This worked fine until we had to remove his local admin rights.



Now he always gets a 0x80004005 Authentication error if he tries to connect.
If we run RDP as an admin it works again.



Any idea why this happens?






windows-10 windows-8 remote-desktop administrator







share|improve this question



























    0















    We have a user that until recently had local admin rights on his Win10 PC. He needs to connect to a Win8 VM on Azure via Remote Deskop. This worked fine until we had to remove his local admin rights.



    Now he always gets a 0x80004005 Authentication error if he tries to connect.
    If we run RDP as an admin it works again.



    Any idea why this happens?






    windows-10 windows-8 remote-desktop administrator







    share|improve this question

























      0












      0








      0








      We have a user that until recently had local admin rights on his Win10 PC. He needs to connect to a Win8 VM on Azure via Remote Deskop. This worked fine until we had to remove his local admin rights.



      Now he always gets a 0x80004005 Authentication error if he tries to connect.
      If we run RDP as an admin it works again.



      Any idea why this happens?






      windows-10 windows-8 remote-desktop administrator







      share|improve this question














      We have a user that until recently had local admin rights on his Win10 PC. He needs to connect to a Win8 VM on Azure via Remote Deskop. This worked fine until we had to remove his local admin rights.



      Now he always gets a 0x80004005 Authentication error if he tries to connect.
      If we run RDP as an admin it works again.



      Any idea why this happens?






      windows-10 windows-8 remote-desktop administrator




      windows-10 windows-8 remote-desktop administrator






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Jan 4 at 16:49









      RemyRemy

      1111213




      1111213






















          1 Answer
          1






          active

          oldest

          votes


















          2














          Local admin accounts include the ability to connect via RDP. To give the user rights to RDP without full admin rights, add them to the local "Remote Desktop Users" group from the system in question.



          Click Start and type "compmgmt.msc"
          Expand "Local Users and Groups"
          Click Groups and then double-click "Remote Desktop Users" on the right
          Add the users account (remember to add from the domain, rather than the local system, if this is a domain environment.)



          Computer Mgmt - adding user for RDP privilege on local system






          share|improve this answer
























          • I've tried that, but the user is an Azure AD user and I usually can't see them on the list. So I just added "Everybody" to the group. But that did not change anything.

            – Remy
            Jan 14 at 9:01











          • Also, I've done this on the local PC, not the one we connect to. Did I get that correctly?

            – Remy
            Jan 14 at 9:12











          • No, the account has to exist on the one you're connecting to (the "remote" system) to allow that user to RDP to that system.

            – Debra
            Jan 14 at 16:45











          • There we use a different account that is shared between people. And if I start his RPD with Admin rights it works.

            – Remy
            Jan 14 at 18:56











          • As stated, Administrator accounts include the right to RDP to the system. If you want a non-admin to be able to RDP to a system, they must be added to the "Remote Desktop Users" group on the target system. The username & password that is being used to connect must be exactly the same as what is set on the target remote system. There is no way I know of around this requirement. And FWIW, giving this right to the "Everyone" group creates a huge security risk. I am not understanding why you don't just add the individual's user account to the RDP group and make the passwords the same.

            – Debra
            Jan 14 at 19:17













          Your Answer








          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "3"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1390611%2fuser-without-local-admin-rights-cant-connect-to-win8-pc-via-rdp%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes









          2














          Local admin accounts include the ability to connect via RDP. To give the user rights to RDP without full admin rights, add them to the local "Remote Desktop Users" group from the system in question.



          Click Start and type "compmgmt.msc"
          Expand "Local Users and Groups"
          Click Groups and then double-click "Remote Desktop Users" on the right
          Add the users account (remember to add from the domain, rather than the local system, if this is a domain environment.)



          Computer Mgmt - adding user for RDP privilege on local system






          share|improve this answer
























          • I've tried that, but the user is an Azure AD user and I usually can't see them on the list. So I just added "Everybody" to the group. But that did not change anything.

            – Remy
            Jan 14 at 9:01











          • Also, I've done this on the local PC, not the one we connect to. Did I get that correctly?

            – Remy
            Jan 14 at 9:12











          • No, the account has to exist on the one you're connecting to (the "remote" system) to allow that user to RDP to that system.

            – Debra
            Jan 14 at 16:45











          • There we use a different account that is shared between people. And if I start his RPD with Admin rights it works.

            – Remy
            Jan 14 at 18:56











          • As stated, Administrator accounts include the right to RDP to the system. If you want a non-admin to be able to RDP to a system, they must be added to the "Remote Desktop Users" group on the target system. The username & password that is being used to connect must be exactly the same as what is set on the target remote system. There is no way I know of around this requirement. And FWIW, giving this right to the "Everyone" group creates a huge security risk. I am not understanding why you don't just add the individual's user account to the RDP group and make the passwords the same.

            – Debra
            Jan 14 at 19:17


















          2














          Local admin accounts include the ability to connect via RDP. To give the user rights to RDP without full admin rights, add them to the local "Remote Desktop Users" group from the system in question.



          Click Start and type "compmgmt.msc"
          Expand "Local Users and Groups"
          Click Groups and then double-click "Remote Desktop Users" on the right
          Add the users account (remember to add from the domain, rather than the local system, if this is a domain environment.)



          Computer Mgmt - adding user for RDP privilege on local system






          share|improve this answer
























          • I've tried that, but the user is an Azure AD user and I usually can't see them on the list. So I just added "Everybody" to the group. But that did not change anything.

            – Remy
            Jan 14 at 9:01











          • Also, I've done this on the local PC, not the one we connect to. Did I get that correctly?

            – Remy
            Jan 14 at 9:12











          • No, the account has to exist on the one you're connecting to (the "remote" system) to allow that user to RDP to that system.

            – Debra
            Jan 14 at 16:45











          • There we use a different account that is shared between people. And if I start his RPD with Admin rights it works.

            – Remy
            Jan 14 at 18:56











          • As stated, Administrator accounts include the right to RDP to the system. If you want a non-admin to be able to RDP to a system, they must be added to the "Remote Desktop Users" group on the target system. The username & password that is being used to connect must be exactly the same as what is set on the target remote system. There is no way I know of around this requirement. And FWIW, giving this right to the "Everyone" group creates a huge security risk. I am not understanding why you don't just add the individual's user account to the RDP group and make the passwords the same.

            – Debra
            Jan 14 at 19:17
















          2












          2








          2







          Local admin accounts include the ability to connect via RDP. To give the user rights to RDP without full admin rights, add them to the local "Remote Desktop Users" group from the system in question.



          Click Start and type "compmgmt.msc"
          Expand "Local Users and Groups"
          Click Groups and then double-click "Remote Desktop Users" on the right
          Add the users account (remember to add from the domain, rather than the local system, if this is a domain environment.)



          Computer Mgmt - adding user for RDP privilege on local system






          share|improve this answer













          Local admin accounts include the ability to connect via RDP. To give the user rights to RDP without full admin rights, add them to the local "Remote Desktop Users" group from the system in question.



          Click Start and type "compmgmt.msc"
          Expand "Local Users and Groups"
          Click Groups and then double-click "Remote Desktop Users" on the right
          Add the users account (remember to add from the domain, rather than the local system, if this is a domain environment.)



          Computer Mgmt - adding user for RDP privilege on local system







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Jan 9 at 18:06









          DebraDebra

          3,85011021




          3,85011021













          • I've tried that, but the user is an Azure AD user and I usually can't see them on the list. So I just added "Everybody" to the group. But that did not change anything.

            – Remy
            Jan 14 at 9:01











          • Also, I've done this on the local PC, not the one we connect to. Did I get that correctly?

            – Remy
            Jan 14 at 9:12











          • No, the account has to exist on the one you're connecting to (the "remote" system) to allow that user to RDP to that system.

            – Debra
            Jan 14 at 16:45











          • There we use a different account that is shared between people. And if I start his RPD with Admin rights it works.

            – Remy
            Jan 14 at 18:56











          • As stated, Administrator accounts include the right to RDP to the system. If you want a non-admin to be able to RDP to a system, they must be added to the "Remote Desktop Users" group on the target system. The username & password that is being used to connect must be exactly the same as what is set on the target remote system. There is no way I know of around this requirement. And FWIW, giving this right to the "Everyone" group creates a huge security risk. I am not understanding why you don't just add the individual's user account to the RDP group and make the passwords the same.

            – Debra
            Jan 14 at 19:17





















          • I've tried that, but the user is an Azure AD user and I usually can't see them on the list. So I just added "Everybody" to the group. But that did not change anything.

            – Remy
            Jan 14 at 9:01











          • Also, I've done this on the local PC, not the one we connect to. Did I get that correctly?

            – Remy
            Jan 14 at 9:12











          • No, the account has to exist on the one you're connecting to (the "remote" system) to allow that user to RDP to that system.

            – Debra
            Jan 14 at 16:45











          • There we use a different account that is shared between people. And if I start his RPD with Admin rights it works.

            – Remy
            Jan 14 at 18:56











          • As stated, Administrator accounts include the right to RDP to the system. If you want a non-admin to be able to RDP to a system, they must be added to the "Remote Desktop Users" group on the target system. The username & password that is being used to connect must be exactly the same as what is set on the target remote system. There is no way I know of around this requirement. And FWIW, giving this right to the "Everyone" group creates a huge security risk. I am not understanding why you don't just add the individual's user account to the RDP group and make the passwords the same.

            – Debra
            Jan 14 at 19:17



















          I've tried that, but the user is an Azure AD user and I usually can't see them on the list. So I just added "Everybody" to the group. But that did not change anything.

          – Remy
          Jan 14 at 9:01





          I've tried that, but the user is an Azure AD user and I usually can't see them on the list. So I just added "Everybody" to the group. But that did not change anything.

          – Remy
          Jan 14 at 9:01













          Also, I've done this on the local PC, not the one we connect to. Did I get that correctly?

          – Remy
          Jan 14 at 9:12





          Also, I've done this on the local PC, not the one we connect to. Did I get that correctly?

          – Remy
          Jan 14 at 9:12













          No, the account has to exist on the one you're connecting to (the "remote" system) to allow that user to RDP to that system.

          – Debra
          Jan 14 at 16:45





          No, the account has to exist on the one you're connecting to (the "remote" system) to allow that user to RDP to that system.

          – Debra
          Jan 14 at 16:45













          There we use a different account that is shared between people. And if I start his RPD with Admin rights it works.

          – Remy
          Jan 14 at 18:56





          There we use a different account that is shared between people. And if I start his RPD with Admin rights it works.

          – Remy
          Jan 14 at 18:56













          As stated, Administrator accounts include the right to RDP to the system. If you want a non-admin to be able to RDP to a system, they must be added to the "Remote Desktop Users" group on the target system. The username & password that is being used to connect must be exactly the same as what is set on the target remote system. There is no way I know of around this requirement. And FWIW, giving this right to the "Everyone" group creates a huge security risk. I am not understanding why you don't just add the individual's user account to the RDP group and make the passwords the same.

          – Debra
          Jan 14 at 19:17







          As stated, Administrator accounts include the right to RDP to the system. If you want a non-admin to be able to RDP to a system, they must be added to the "Remote Desktop Users" group on the target system. The username & password that is being used to connect must be exactly the same as what is set on the target remote system. There is no way I know of around this requirement. And FWIW, giving this right to the "Everyone" group creates a huge security risk. I am not understanding why you don't just add the individual's user account to the RDP group and make the passwords the same.

          – Debra
          Jan 14 at 19:17




















          draft saved

          draft discarded




















































          Thanks for contributing an answer to Super User!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1390611%2fuser-without-local-admin-rights-cant-connect-to-win8-pc-via-rdp%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          -

          Popular posts from this blog

          Terni

          Image
          Questa voce o sezione sull'argomento Umbria non è ancora formattata secondo gli standard . Contribuisci a migliorarla secondo le convenzioni di Wikipedia. Segui i suggerimenti del progetto di riferimento. Terni comune Localizzazione Stato   Italia Regione Umbria Provincia Terni Amministrazione Sindaco Leonardo Latini (Lega Nord) dal 25-06-2018 Territorio Coordinate 42°34′N 12°39′E  /  42.566667°N 12.65°E 42.566667; 12.65  ( Terni ) Coordinate: 42°34′N 12°39′E  /  42.566667°N 12.65°E 42.566667; 12.65  ( Terni ) Altitudine 130 m s.l.m. Superficie 211,90 km² Abitanti 111 189 [1] (31-12-2017) Densità 524,72 ab./km² Frazioni Vedi elenco Comuni confinanti Acquasparta, Arrone, Colli sul Velino (RI), Labro (RI), Montecastrilli, Montefranco, Narni, Rieti (RI), San Gemini, Spoleto (PG), Stroncone Altre informazioni Cod. postale 05100 Prefisso 0744 Fuso orario UTC+1 Codice ISTAT...
          Read more

          A new problem with tex4ht and tikz

          Image
          3 When run through pdflatex the code snippet below produces: but when I run it through make4ht the following web page, without the numbers, is generated: (The difference in scale is an artifact of my skills in taking screenshots.) Here is the code: documentclass{article} usepackage{tikz} begin{document} begin{tikzpicture} foreach x in {-3,...,3} { draw(x,0.25) --(x,0)node[below]{x}; } foreach x in {-2.5,...,2.5} { draw(x,0.18) --(x,0); } draw[thick,<->](-3.5,0)--(3.5,0); filldraw[blue!50!white](1.5,0) circle (1mm); draw[red] (-3.5,-1) rectangle (3.5,1); % make bounding box higher end{tikzpicture} end{document} Only the first line of the tikzpicture environment is necessary. The rest is just to show that everything else is OK. I am...
          Read more

          Sun Ra

          Image
          .mw-parser-output .avviso .mbox-text-div>div,.mw-parser-output .avviso .mbox-text-full-div>div{font-size:90%}.mw-parser-output .avviso .mbox-image div{width:52px}.mw-parser-output .avviso .mbox-text-full-div .hide-when-compact{display:block} Questa voce o sezione sull'argomento compositori statunitensi non cita le fonti necessarie o quelle presenti sono insufficienti . Puoi migliorare questa voce aggiungendo citazioni da fonti attendibili secondo le linee guida sull'uso delle fonti. Sun Ra Sun Ra nel 1992 al conservatorio del New England Nazionalità   Stati Uniti Genere Fusion Free jazz Hard bop Space music Jazz d'avanguardia Musica sperimentale Big band Periodo di attività musicale 1934 – 1993 Strumento pianoforte, sintetizzatore Modifica dati su Wikidata  · Manuale .mw-parser-output .citazione-table{margin-bottom:.5em;font-size:95%}.mw-parser-output .citazione-table td{padding:0 1.2em 0 2.4em}.mw-parser-output...
          Read more