How to allow a user to login via Remote Desktop?
I am using Windows Server 2012 and I want to grant a user access to login on the Remote Desktop. But when I do that I get the error:
Logon Failure: the user has not been granted the requested logon type at this computer
But I think that this is not possible.
The user is created in the OU called RemoteUsers and they have a Group Policy that allows to login via Terminal Services and to Logon Locally (for Everyone.)
The user also has the role "Remote Desktop Users"
Did I do something wrong and how can I give the user access to logon on the Remote Desktop?
Note: I've already run gpupdate /force without any success.
permissions remote-desktop login windows-server-2012
edited Dec 6 at 2:42
Mosrod
175
asked Dec 5 at 21:22
Koen Hollander
1378
add a comment |
I am using Windows Server 2012 and I want to grant a user access to login on the Remote Desktop. But when I do that I get the error:
Logon Failure: the user has not been granted the requested logon type at this computer
But I think that this is not possible.
The user is created in the OU called RemoteUsers and they have a Group Policy that allows to login via Terminal Services and to Logon Locally (for Everyone.)
The user also has the role "Remote Desktop Users"
Did I do something wrong and how can I give the user access to logon on the Remote Desktop?
Note: I've already run gpupdate /force without any success.
permissions remote-desktop login windows-server-2012
edited Dec 6 at 2:42
Mosrod
175
asked Dec 5 at 21:22
Koen Hollander
1378
add a comment |
I am using Windows Server 2012 and I want to grant a user access to login on the Remote Desktop. But when I do that I get the error:
Logon Failure: the user has not been granted the requested logon type at this computer
But I think that this is not possible.
The user is created in the OU called RemoteUsers and they have a Group Policy that allows to login via Terminal Services and to Logon Locally (for Everyone.)
The user also has the role "Remote Desktop Users"
Did I do something wrong and how can I give the user access to logon on the Remote Desktop?
Note: I've already run gpupdate /force without any success.
permissions remote-desktop login windows-server-2012
edited Dec 6 at 2:42
Mosrod
175
asked Dec 5 at 21:22
Koen Hollander
1378
I am using Windows Server 2012 and I want to grant a user access to login on the Remote Desktop. But when I do that I get the error:
Logon Failure: the user has not been granted the requested logon type at this computer
But I think that this is not possible.
The user is created in the OU called RemoteUsers and they have a Group Policy that allows to login via Terminal Services and to Logon Locally (for Everyone.)
The user also has the role "Remote Desktop Users"
Did I do something wrong and how can I give the user access to logon on the Remote Desktop?
Note: I've already run gpupdate /force without any success.
permissions remote-desktop login windows-server-2012
permissions remote-desktop login windows-server-2012
edited Dec 6 at 2:42
Mosrod
175
asked Dec 5 at 21:22
Koen Hollander
1378
edited Dec 6 at 2:42
Mosrod
175
asked Dec 5 at 21:22
Koen Hollander
1378
edited Dec 6 at 2:42
Mosrod
175
edited Dec 6 at 2:42
Mosrod
175
edited Dec 6 at 2:42
Mosrod
175
175
asked Dec 5 at 21:22
Koen Hollander
1378
asked Dec 5 at 21:22
Koen Hollander
1378
asked Dec 5 at 21:22
Koen Hollander
1378
1378
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
The User Right Assignments you're specifying need to affect the computer objects in Active Directory, not your user object. In other words, the GPO linked to your "RemoteUsers" OU needs to be linked to the OU where the computer(s) your users are logging in.
Then, since your users are members of the Everyone group, they'll be able to connect remotely, as long as Remote Desktop is enabled on the target computers (e.g. by enabling it directly on the machine or enabling the Computer/Administrative Templates/Windows Components/Remote Desktop Services/Remote Desktop Session Host/Allow users to connect remotely using Remote Desktop Services group policy setting).
A Better Way to Grant Remote Desktop Rights
Modifying the default User Right Assignment security settings is a less preferred method of granting users the right to use Remote Desktop, particularly because URA group policies are not cumulative. Instead, the URA specified in the last GPO which is applied "wins," overwriting previously applied GPOs. This makes management of these policies difficult on anything but a small scale.
A better approach is to use a Group Policy Preference to add the target user or group to the computer's Remote Desktop Users group (which is granted the required URA by default). For more information, refer to this Microsoft TechNet blog post.
answered Dec 5 at 22:24
Twisty Impersonator
17.7k136395
add a comment |
protected by Community♦ Dec 6 at 11:41
Thank you for your interest in this question.
Because it has attracted low-quality or spam answers that had to be removed, posting an answer now requires 10 reputation on this site (the association bonus does not count).
Would you like to answer one of these unanswered questions instead?
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
The User Right Assignments you're specifying need to affect the computer objects in Active Directory, not your user object. In other words, the GPO linked to your "RemoteUsers" OU needs to be linked to the OU where the computer(s) your users are logging in.
Then, since your users are members of the Everyone group, they'll be able to connect remotely, as long as Remote Desktop is enabled on the target computers (e.g. by enabling it directly on the machine or enabling the Computer/Administrative Templates/Windows Components/Remote Desktop Services/Remote Desktop Session Host/Allow users to connect remotely using Remote Desktop Services group policy setting).
A Better Way to Grant Remote Desktop Rights
Modifying the default User Right Assignment security settings is a less preferred method of granting users the right to use Remote Desktop, particularly because URA group policies are not cumulative. Instead, the URA specified in the last GPO which is applied "wins," overwriting previously applied GPOs. This makes management of these policies difficult on anything but a small scale.
A better approach is to use a Group Policy Preference to add the target user or group to the computer's Remote Desktop Users group (which is granted the required URA by default). For more information, refer to this Microsoft TechNet blog post.
answered Dec 5 at 22:24
Twisty Impersonator
17.7k136395
add a comment |
The User Right Assignments you're specifying need to affect the computer objects in Active Directory, not your user object. In other words, the GPO linked to your "RemoteUsers" OU needs to be linked to the OU where the computer(s) your users are logging in.
Then, since your users are members of the Everyone group, they'll be able to connect remotely, as long as Remote Desktop is enabled on the target computers (e.g. by enabling it directly on the machine or enabling the Computer/Administrative Templates/Windows Components/Remote Desktop Services/Remote Desktop Session Host/Allow users to connect remotely using Remote Desktop Services group policy setting).
A Better Way to Grant Remote Desktop Rights
Modifying the default User Right Assignment security settings is a less preferred method of granting users the right to use Remote Desktop, particularly because URA group policies are not cumulative. Instead, the URA specified in the last GPO which is applied "wins," overwriting previously applied GPOs. This makes management of these policies difficult on anything but a small scale.
A better approach is to use a Group Policy Preference to add the target user or group to the computer's Remote Desktop Users group (which is granted the required URA by default). For more information, refer to this Microsoft TechNet blog post.
answered Dec 5 at 22:24
Twisty Impersonator
17.7k136395
add a comment |
The User Right Assignments you're specifying need to affect the computer objects in Active Directory, not your user object. In other words, the GPO linked to your "RemoteUsers" OU needs to be linked to the OU where the computer(s) your users are logging in.
Then, since your users are members of the Everyone group, they'll be able to connect remotely, as long as Remote Desktop is enabled on the target computers (e.g. by enabling it directly on the machine or enabling the Computer/Administrative Templates/Windows Components/Remote Desktop Services/Remote Desktop Session Host/Allow users to connect remotely using Remote Desktop Services group policy setting).
A Better Way to Grant Remote Desktop Rights
Modifying the default User Right Assignment security settings is a less preferred method of granting users the right to use Remote Desktop, particularly because URA group policies are not cumulative. Instead, the URA specified in the last GPO which is applied "wins," overwriting previously applied GPOs. This makes management of these policies difficult on anything but a small scale.
A better approach is to use a Group Policy Preference to add the target user or group to the computer's Remote Desktop Users group (which is granted the required URA by default). For more information, refer to this Microsoft TechNet blog post.
answered Dec 5 at 22:24
Twisty Impersonator
17.7k136395
The User Right Assignments you're specifying need to affect the computer objects in Active Directory, not your user object. In other words, the GPO linked to your "RemoteUsers" OU needs to be linked to the OU where the computer(s) your users are logging in.
Then, since your users are members of the Everyone group, they'll be able to connect remotely, as long as Remote Desktop is enabled on the target computers (e.g. by enabling it directly on the machine or enabling the Computer/Administrative Templates/Windows Components/Remote Desktop Services/Remote Desktop Session Host/Allow users to connect remotely using Remote Desktop Services group policy setting).
A Better Way to Grant Remote Desktop Rights
Modifying the default User Right Assignment security settings is a less preferred method of granting users the right to use Remote Desktop, particularly because URA group policies are not cumulative. Instead, the URA specified in the last GPO which is applied "wins," overwriting previously applied GPOs. This makes management of these policies difficult on anything but a small scale.
A better approach is to use a Group Policy Preference to add the target user or group to the computer's Remote Desktop Users group (which is granted the required URA by default). For more information, refer to this Microsoft TechNet blog post.
answered Dec 5 at 22:24
Twisty Impersonator
17.7k136395
edited Dec 6 at 15:18
answered Dec 5 at 22:24
Twisty Impersonator
17.7k136395
answered Dec 5 at 22:24
Twisty Impersonator
17.7k136395
answered Dec 5 at 22:24
Twisty Impersonator
17.7k136395
17.7k136395
add a comment |
add a comment |
protected by Community♦ Dec 6 at 11:41
Thank you for your interest in this question.
Because it has attracted low-quality or spam answers that had to be removed, posting an answer now requires 10 reputation on this site (the association bonus does not count).
Would you like to answer one of these unanswered questions instead?
